The US Cybersecurity and Infrastructure Agency (CISA) is warning admins that a Microsoft SharePoint Server flaw is now being actively exploited in the wild.
In a new addition to its Known Exploited Vulnerabilities (KEV) catalog, CISA says CVE-2023-29357 is being used to gain elevated privileges.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” it noted.
Microsoft described the vulnerability as a privilege escalation flaw and patched it with the June 2023 Patch Tuesday cumulative update.
“An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user,” Microsoft said. “The attacker needs no privileges nor does the user need to perform any action.”
As per TheHackerNews, security researcher Nguyễn Tiến Giang (Jang) of StarLabs SG showed the vulnerability in action at the Pwn2Own Vancouver hacking contest and earned $100,000 in prize money. He chained the flaw with CVE-2023-24955 (patched in May this year), and gained remote code execution capabilities on an infected endpoint.
The latter had a severity score of 7.2.
“The process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain,” the researcher said in a report published in September last year.
CISA did not share more details in its alert, so we don’t know who the threat actors are, or who they’re targeting, other than the fact that the victims could be Federal organizations. “CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice,” the organization concluded.
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews