CISA Reports Exploitation of Second SharePoint Flaw Revealed at Pwn2Own

March 27, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported that a second SharePoint flaw, uncovered during the Pwn2Own hacking competition last year, is currently being exploited. This vulnerability, identified as CVE-2023-24955, was exposed by the Star Labs team in March 2023 at Pwn2Own Vancouver, together with another flaw, CVE-2023-29357.

The Star Labs team was awarded $100,000 at Pwn2Own for their demonstration of this two-bug exploit chain, which enables unauthenticated remote code execution on SharePoint servers with elevated privileges. Microsoft issued patches for CVE-2023-24955 and CVE-2023-29357 in May and June 2023, respectively. The findings were disclosed by the Star Labs researchers in September, and a proof of concept (PoC) exploit was released in mid-December.

Less than a month later, CISA added CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) list. Now, CVE-2023-24955, the second vulnerability in the exploit chain, has also been added. While no details are publicly available about the attacks exploiting these vulnerabilities, it is assumed that they are being chained together by unknown threat actors.

CISA's KEV list entry indicates that the attacks the agency is aware of do not involve ransomware. Microsoft’s advisories for CVE-2023-24955 and CVE-2023-29357 have not yet been updated to inform customers about in-the-wild exploitation, but both are assessed as 'exploitation more likely'.

CISA's KEV catalog currently lists four SharePoint vulnerabilities that have been exploited in the wild since 2019. The most recent addition, CVE-2023-24955, needs to be addressed by government organizations by April 16.
