PT-2023-2720 · Microsoft · SharePoint Server
Author: Jang +1
Published: 2023-05-09 · Updated: 2025-08-04
CVE-2023-24955
CVSS v2.0: 8.3 (High)
| Vector | AV:N/AC:L/Au:M/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft SharePoint Server (affected versions not specified)
Description
The issue is a remote code execution vulnerability in Microsoft SharePoint Server. It allows an authenticated attacker with Site Owner privileges to execute arbitrary code on the server. The vulnerability is being actively exploited in the wild. According to some sources, over 43,658 targets related to this vulnerability were discovered using ZoomEye. It can be chained with another issue to bypass authentication and call the SharePoint API with administrator privileges, and a public exploit that uses both vulnerabilities is available.
Recommendations
As a temporary workaround, consider disabling the vulnerable functionality until a patch can be applied, and restrict access to the vulnerable module to minimize the risk of exploitation. Apply the patch released by Microsoft in May 2023 and update to the latest secure version. Federal agencies must apply fixes by April 16, 2024. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but updating to the latest secure version is still recommended.
Tags: Exploit, Fix, RCE, Code Injection
Affected Products: SharePoint Server