CVE-2023–29357, CVE-2023–24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities | allinfosecnews.com

Sept. 27, 2023, 5:01 p.m. | Scott Caveza

Cyber Exposure Alerts www.tenable.com

CVE-2023–29357, CVE-2023–24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities

A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution.

Background

On September 25, STAR Labs researcher Nguyễn Tiến Giang (Jang) published a blog post outlining the successful chaining of CVE-2023–29357 and CVE-2023–24955 to achieve remote code execution (RCE) against Microsoft SharePoint Server. The exploit chain was demonstrated at the Zero Day Initiative’s (ZDI) Pwn2Own contest …

blog blog post code code execution concept cve exploit exploit chain exploited labs microsoft microsoft sharepoint proof proof-of-concept remote code remote code execution researcher september server sharepoint unauthenticated vulnerabilities

More from www.tenable.com / Cyber Exposure Alerts

CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor 6 days, 13 hours ago | www.tenable.com

adaptive security arcanedoor blog called +15

CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited 1 week, 1 day ago | www.tenable.com

advisory april crushftp customers +23

Oracle April 2024 Critical Patch Update Addresses 239 CVEs 2 weeks, 1 day ago | www.tenable.com

addresses april cpu critical +12

CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild 2 weeks, 5 days ago | www.tenable.com

alto april attacks command +25

Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988) 3 weeks, 1 day ago | www.tenable.com

addresses april critical critical vulnerabilities +13

Frequently Asked Questions About CVE-2024-3094, A Backdoor in XZ Utils 1 month ago | www.tenable.com

CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability 1 month, 2 weeks ago | www.tenable.com

address advisory arbitrary code attacker +20

Microsoft’s March 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-21407) 1 month, 2 weeks ago | www.tenable.com

CVE-2024-27198, CVE-2024-27199: Two Authentication Bypass Vulnerabilities in JetBrains TeamCity 1 month, 3 weeks ago | www.tenable.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati

View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478

View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom

View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA

View on infosec-jobs.com