CVE-2023-29357

Vulnerability updated 7 days ago (2024-11-29T14:09:42.779Z)
CVE-2023-29357 is a high-severity vulnerability in Microsoft SharePoint Server. The flaw allowed remote attackers to escalate privileges on affected installations of Microsoft SharePoint Server, posing a significant threat to the security of the system. The vulnerability was exploited during the Pwn2Own competition, demonstrating its critical nature and potential for misuse. It was among 78 CVEs addressed, including others such as CVE-2023-29363, CVE-2023-32014, CVE-2023-32015, and CVE-2023-32031, all of which were reported to be at high risk of exploitation.

The vulnerability was shown to be exploitable by attacks that took advantage of vulnerabilities previously patched in May and June 2023 (CVE-2023-24955 and CVE-2023-29357 respectively). These exploits highlighted the importance of keeping patches up to date and emphasized the ongoing risks associated with software vulnerabilities. Despite these fixes, the continued exploitation of CVE-2023-29357 showed that threat actors were still able to take advantage of this vulnerability, underlining its severity.

On January 11, 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog, indicating that the flaw was being actively exploited by threat actors. This inclusion in the KEV catalog signaled a heightened need for organizations to prioritize addressing this vulnerability. Adam Barnett, lead software engineer at Rapid7, also stressed the urgency for organizations to prioritize this critical SharePoint elevation of privilege bug.
Description last updated: 2024-05-04T17:13:30.824Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Microsoft
Sharepoint
Exploit
Ivanti
CISA
Source Document References
Information about the CVE-2023-29357 Vulnerability was read from the documents corpus below.
Source (created)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
DARKReading (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
Securityaffairs (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)