CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.
Tracked as CVE-2023-29357, the security flaw enables remote attackers to get admin privileges on unpatched servers by circumventing authentication using spoofed JWT auth tokens.
Remote attackers can also execute arbitrary code on compromised SharePoint servers via command injection when chaining this flaw with the CVE-2023-24955 SharePoint Server remote code execution vulnerability.
This Microsoft SharePoint Server exploit chain was successfully demoed by STAR Labs researcher Jang during last year's Pwn2Own contest in Vancouver, held in March 2023, earning a $100,000 reward.
The researcher published a technical analysis on September 25 describing the exploitation process in detail.
Just one day later, a security researcher also released a CVE-2023-29357 proof-of-concept exploit on GitHub.
Many other PoC exploits for this chain have surfaced online, lowering the exploitation bar and allowing even lesser-skilled threat actors to deploy it in attacks.
While it has yet to provide additional details on active exploitation of CVE-2023-29357, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog and now requires U.S. federal agencies to patch it by the end of the month, on January 31.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 12 Jan 2024 19:25:11 +0000