CISA Alerts on Newly Exploited Microsoft SharePoint Vulnerability: CVE-2023-24955

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955, a Microsoft SharePoint Server vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. The addition is based on evidence that threat actors are actively exploiting the flaw.

Understanding CVE-2023-24955

CVE-2023-24955 is a Remote Code Execution (RCE) vulnerability in Microsoft SharePoint Server. It allows an authenticated attacker holding Site Owner privileges to execute arbitrary code on the affected server. On its own, the privilege requirement limits who can exploit it; in practice it is the second step of an exploit chain with another critical SharePoint vulnerability, CVE-2023-29357, which lets an unauthenticated attacker obtain administrator privileges by presenting a spoofed JWT authentication token. The chain (authentication bypass, then post-authentication code execution) was demonstrated by STAR Labs researcher Nguyễn Tiến Giang (Janggggg) at the Pwn2Own contest in Vancouver in March 2023.

Severity and Impact

Microsoft rates the severity of CVE-2023-24955 as High, with a CVSS base score of 7.2. The vulnerability affects SharePoint Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition.

The CVSS vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H describes a vulnerability that is exploitable over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), but that requires high privileges (PR:H). The impact metrics are all High: successful exploitation fully compromises the confidentiality, integrity, and availability of the server, the entire CIA triad. The PR:H component is the only factor holding the score below Critical, and it is exactly the requirement that chaining with CVE-2023-29357 removes, which is why the two should be treated as a single unauthenticated RCE risk rather than as separate medium-urgency items. Given the potential for complete server compromise, patching promptly is essential.

Response and Remediation

Under Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate vulnerabilities listed in the KEV Catalog, federal agencies must apply the vendor's mitigations or discontinue use of the vulnerable product by April 16, 2024. Although BOD 22-01 is binding only on FCEB agencies, CISA strongly recommends that all organizations prioritize remediation of catalog entries, and the due date is a useful benchmark for private-sector patch timelines as well.
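Tracking KEV due dates by hand does not scale once more than a handful of products are in scope. The following added example (written for this article, not a CISA tool) reads a catalog in the JSON shape that CISA publishes at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json, matches it against a simple asset inventory, and reports which entries are past their BOD 22-01 due date. The catalog excerpt embedded below is constructed so the script runs offline: the CVE-2023-24955 dates are the ones this advisory gives; the CVE-2023-29357 dates and the inventory are illustrative.

```python
"""Triage an asset inventory against the CISA KEV catalog.

Added example. The record fields (cveID, vendorProject, product,
vulnerabilityName, dateAdded, shortDescription, requiredAction, dueDate,
knownRansomwareCampaignUse, notes) follow CISA's published JSON feed.
"""
import json
import urllib.request
from datetime import date

KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed catalog excerpt in the feed's shape (dates for CVE-2023-29357
# are illustrative; CVE-2023-24955 uses the due date from the advisory).
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2023-29357",
            "vendorProject": "Microsoft",
            "product": "SharePoint Server",
            "vulnerabilityName": "Microsoft SharePoint Server Privilege Escalation Vulnerability",
            "dateAdded": "2024-01-10",
            "shortDescription": "Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker to gain administrator privileges.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
            "dueDate": "2024-01-31",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
        {
            "cveID": "CVE-2023-24955",
            "vendorProject": "Microsoft",
            "product": "SharePoint Server",
            "vulnerabilityName": "Microsoft SharePoint Server Code Injection Vulnerability",
            "dateAdded": "2024-03-26",
            "shortDescription": "Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
            "dueDate": "2024-04-16",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
    ],
})


def load_kev(text: str) -> dict:
    """Index catalog records by CVE ID for O(1) lookup."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def fetch_kev(timeout: float = 30.0) -> dict:
    """Download the live catalog (network; not exercised offline)."""
    with urllib.request.urlopen(KEV_URL, timeout=timeout) as resp:
        return load_kev(resp.read().decode("utf-8"))


def triage(kev: dict, inventory: dict, today: date) -> list:
    """Match inventory CVEs to KEV entries and compute lateness.

    inventory maps asset name -> list of CVE IDs the asset is known to be
    exposed to (from a scanner or patch-level check). CVEs not in the
    catalog are skipped: they belong to the regular patch cadence, not
    to the BOD 22-01 clock. Results are sorted most overdue first.
    """
    findings = []
    for asset, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "asset": asset,
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due.isoformat(),
                "days_overdue": (today - due).days,  # negative = still in window
                "ransomware": entry["knownRansomwareCampaignUse"],
            })
    findings.sort(key=lambda f: (-f["days_overdue"], f["asset"], f["cve"]))
    return findings


def overdue(findings: list) -> list:
    """Only the entries whose BOD 22-01 due date has already passed."""
    return [f for f in findings if f["days_overdue"] > 0]


if __name__ == "__main__":
    # Illustrative inventory: one SharePoint host missing both patches and
    # carrying an unrelated CVE that is not in the catalog.
    inventory = {"sp-app-01": ["CVE-2023-29357", "CVE-2023-24955", "CVE-2099-0001"]}
    for f in triage(load_kev(SAMPLE_KEV), inventory, date(2024, 4, 20)):
        print(f'{f["asset"]} {f["cve"]} due {f["due"]} ({f["days_overdue"]:+d} days) '
              f'ransomware={f["ransomware"]}')
```

In production, replace `SAMPLE_KEV` with `fetch_kev()` and feed `triage` from your vulnerability scanner's export; the `days_overdue` field makes it straightforward to raise a ticket severity automatically once an entry crosses its due date, and `knownRansomwareCampaignUse` is worth surfacing separately because CISA updates it after the initial addition.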

Broader Implications and Advisory

Paired with CVE-2023-29357, CVE-2023-24955 gives an unauthenticated attacker remote code execution on unpatched servers, which is what makes the combination significant. A Proof-of-Concept (PoC) exploit for CVE-2023-29357 was published on GitHub in 2023, and several PoCs that implement the full chain have followed. CISA's addition of both vulnerabilities to its Known Exploited Vulnerabilities Catalog underscores the urgency of patching.

CISA has not reported evidence that these vulnerabilities have been used in ransomware campaigns, but their exploitation remains a critical concern for federal agencies and the private sector alike: a SharePoint server typically holds sensitive documents and runs with domain credentials, so unauthorized code execution on it is a foothold for wider compromise.

Organizations are advised to adhere to CISA’s guidance and promptly implement the recommended security measures to protect their networks from these and other cybersecurity threats.

How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on. We provide advanced solutions to protect critical IT infrastructure, including our popular "CISO-as-a-Service" offering, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

Copyright © Netizen Corporation. All Rights Reserved.