CVE-2023-24955 : Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Published 2023-05-09 18:15:13

Updated 2025-03-13 16:17:09

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-24955

Microsoft » Sharepoint Server » Version: 2019
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Server » Version: N/A Subscription Edition
cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*
Matching versions
Microsoft » Sharepoint Enterprise Server » Version: 2016
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
Matching versions

CVE-2023-24955 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.

CISA vulnerability name:

Microsoft SharePoint Server Code Injection Vulnerability

CISA required action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA description:

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

Notes:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955; https://nvd.nist.gov/vuln/detail/CVE-2023-24955

Added on 2024-03-26 Action due date 2024-04-16

Exploit prediction scoring system (EPSS) score for CVE-2023-24955

EPSS FAQ

92.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2023-24955

Sharepoint Dynamic Proxy Generator Unauth RCE

Disclosure Date: 2023-05-01

First seen: 2024-04-18

exploit/windows/http/sharepoint_dynamic_proxy_generator_auth_bypass_rce

This module exploits two vulnerabilities in Sharepoint 2019, an auth bypass CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955, an RCE which was patched in May of 2023. The auth bypass allows attackers to impersonate the Sharepoint Admin user. This vu

More information

CVSS scores for CVE-2023-24955

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	Microsoft Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-24955

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Assigned by:
- nvd@nist.gov (Primary)
- secure@microsoft.com (Secondary)

References for CVE-2023-24955

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955

CVE-2023-24955 - Security Update Guide - Microsoft - Microsoft SharePoint Server Remote Code Execution Vulnerability
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-24955