CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability
In short
A critical flaw in Microsoft SharePoint Server allows attackers to gain administrative privileges without proper authorization. An attacker with network access can exploit this vulnerability to take control of the SharePoint system and access sensitive data.
Technical detail
A CWE-303 (improper authentication) vulnerability in SharePoint Server permits privilege escalation over the network without requiring valid credentials. An authenticated or unauthenticated attacker can bypass access controls to obtain administrative privileges, impacting the confidentiality, integrity, and availability of the SharePoint environment.
Summary generated and translated by AI from the official description.
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft SharePoint Server 2019
Public PoCs found — 7
github.com/Chocapikk/CVE-2023-29357 ★ 239
github.com/LuemmelSec/CVE-2023-29357 ★ 54
github.com/Guillaume-Risch/cve-2023-29357-Sharepoint ★ 4
github.com/KeyStrOke95/CVE-2023-29357-ExE ★ 2
github.com/AhmedMansour93/Event-ID-189-Rule-Name-SOC227-CVE-2023-29357 ★ 0
github.com/DeividasTerechovas/SOC227-Microsoft-SharePoint-Server-Elevation-of-Privilege-Possible-CVE-2023-29357-Exploitation ★ 0
github.com/DonVorrin/CVE-2023-29357 ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.