Microsoft SharePoint Server Elevation of Privilege Vulnerability (CVE-2023-29357) | allinfosecnews.com

Jan. 10, 2024, 9 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is the vulnerability?
A vulnerability in Microsoft SharePoint Server is actively being exploited and targeting servers from Government, Telco and Education industries. The vulnerability tracked under CVE-2023-29357 is an authentication bypass vulnerability that adversaries may use to escalate privileges on affected installations of Microsoft SharePoint Server. Attackers may chain the vulnerability with other vulnerabilities for remote code execution to compromise the integrity, availability, and confidentiality of the target system.

What is the Vendor Solution?

Microsoft has released an official …

adversaries attackers authentication authentication bypass bypass bypass vulnerability cve cve-2023-29357 education elevation of privilege exploited government industries may microsoft microsoft sharepoint privilege privileges server servers sharepoint targeting telco under vulnerability what is

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671) 4 days, 14 hours ago | fortiguard.fortinet.com

browser can chrome chromium +15

GitLab Password Reset Vulnerability (CVE-2023-7028) 1 week ago | fortiguard.fortinet.com

account administrator attacker cisa +23

Tinyproxy use-after-free Vulnerability (CVE-2023-49606) 1 week, 2 days ago | fortiguard.fortinet.com

actor arbitrary code can code +21

ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 1 week, 4 days ago | fortiguard.fortinet.com

access advisory application attackers +29

Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 2 weeks, 2 days ago | fortiguard.fortinet.com

CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 2 weeks, 4 days ago | fortiguard.fortinet.com

attackers attacks cisa cisa known exploited vulnerabilities +27

ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 3 weeks, 2 days ago | fortiguard.fortinet.com

adaptive security advisory april arcanedoor +22

Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 3 weeks, 2 days ago | fortiguard.fortinet.com

access advisory akira akira ransomware +17

PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 1 month ago | fortiguard.fortinet.com

advisory attack code code injection +27

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Associate Engineer (Security Operations Centre)

@ People Profilers | Singapore, Singapore, Singapore

View on infosec-jobs.com

DevSecOps Engineer

@ Australian Payments Plus | Sydney, New South Wales, Australia

View on infosec-jobs.com

Senior Cybersecurity Specialist

@ SmartRecruiters Inc | Poland, Poland

View on infosec-jobs.com