A patched privilege escalation vulnerability impacting Microsoft SharePoint servers has been added to the identified exploited vulnerabilities (KEV) catalog of the US Cybersecurity and Infrastructure Safety Company (CISA).
Citing proof of energetic exploitation, CISA has tagged the important severity bug Microsoft beforehand launched fixes for as a part of its June 2023 Patch Tuesday updates.
Tracked as CVE-2023-29357, the vulnerability (CVSS 9.8) permits an unauthenticated attacker, who has gained entry to spoofed JSON Net Token (JWT) authentication tokens, to make use of them for executing a community assault, in line with the KEV entry.
“This assault bypasses authentication, enabling the attacker to achieve administrator privileges,” mentioned CISA within the entry. “Apply mitigations per vendor directions or discontinue use of the product if mitigations are unavailable.”
Doable exploits embody pre-authentication RCE
Whereas specifics of the real-world exploitations of CVE-2023-29357 stay unknown, a StarLabs security researcher, Nguyễn Tiến Giang, efficiently demonstrated a 2-bug chain exploitation of it at a pc hacking contest, PWN2OWN held in March 2023.
The competition exploit had mixed two vulnerabilities to realize pre-auth distant code execution (RCE) on the SharePoint server. Whereas the primary vulnerability (CVE-2023-29357) allowed bypassing authentication on SharePoint OAuth authentication by profiting from a flawed signature validation algorithm for JWT tokens, a second code injection vulnerability (CVE-2023-24955) allowed inserting arbitrary code with already obtained SharePoint proprietor permissions.