SecurityWeek did their homework and reported that CVE-2023-24955 was part of a 2-bug exploit chain showcased at last year's Pwn2Own Vancouver in March 2023. The exploit chain would allow for unauthenticated remote code execution on SharePoint servers with elevated privileges. The Star Labs team, who demonstrated them, released the vulnerability details and proofs of concept for CVE-2023-29357 and CVE-2023-24955 in September and December 2023. CVE-2023-29357 was added to the KEV Catalog on 10 January 2024. 🔗 https://www.securityweek.com/cisa-second-sharepoint-flaw-disclosed-at-pwn2own-exploited-in-attacks/

#CVE_2023_24955 #CVE_2023_29357 #Microsoft #Sharepoint #vulnerability #CISA #KEV #KnownExploitedVulnerabilitiesCatalog #eitw #activeexploitation

CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks

CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild.

SecurityWeek

Hot off the press! CISA adds CVE-2023-24955 (7.2 high, disclosed 09 May 2023) Microsoft SharePoint Server Code Injection Vulnerability to the Known Exploited Vulnerabilities (KEV) Catalog. 🔗 https://www.cisa.gov/news-events/alerts/2024/03/26/cisa-adds-one-known-exploited-vulnerability-catalog

#CISA #CVE_2023_24955 #vulnerability #eitw #activeexploitation #knownexploitedvulnerabilitiescatalog #KEV