⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2024-01-31.

CVE-2023-29357Incorrect Implementation of Authentication Algorithm in Microsoft Sharepoint Server 2019

CWE-303Incorrect Implementation of Authentication Algorithm13 documents11 sources
Severity
9.8CRITICALNVD
EPSS
94.4%
top 0.04%
CISA KEV
KEVRansomware
Added 2024-01-10
Due 2024-01-31
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Microsoft Sharepoint Server 2019Microsoft Sharepoint Server
Timeline
PublishedJun 14
KEV addedJan 10
KEV dueJan 31
Latest updateMar 27
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5microsoft/microsoft_sharepoint_server_201916.0.016.0.10399.20005

Patches

Patch: msrc.microsoft.comPatch: msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-m2h6-v37r-r43p: Microsoft SharePoint Server Elevation of Privilege Vulnerability2023-06-14
CVEList
Microsoft SharePoint Server Elevation of Privilege Vulnerability2023-06-13
VulnCheck
Microsoft SharePoint Server Privilege Escalation Vulnerability2023

💥Exploits & PoCs

2
Metasploit
Sharepoint Dynamic Proxy Generator Unauth RCE
Nuclei
Microsoft SharePoint - Authentication Bypass

📋Vendor Advisories

2
CISA
Microsoft SharePoint Server Privilege Escalation Vulnerability2024-01-10
Microsoft
Microsoft SharePoint Server Elevation of Privilege Vulnerability2023-06-13

🕵️Threat Intelligence

2
Bleepingcomputer
CISA tags Microsoft SharePoint RCE bug as actively exploited2024-03-27
Bleepingcomputer
Exploit released for Microsoft SharePoint Server auth bypass flaw2023-09-29
CVE-2023-29357 — Microsoft vulnerability | cvebase