Microsoft SharePoint Authentication Bypass (CVE-2023-29357)

critical Nessus Plugin ID 187058

Synopsis

A content collaboration application is affected by an authentication bypass vulnerability.

Description

The Microsoft SharePoint Server running on the remote host is affected by an authentication bypass vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to access protected resources.

Note that this plugin only tests the SharePoint site collections at / and /my.

Solution

Microsoft has released KB5002402 to address this issue.

See Also

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357

https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/

https://github.com/Chocapikk/CVE-2023-29357

Plugin Details

Severity: Critical

ID: 187058

File Name: microsoft_sharepoint_cve-2023-29357.nbin

Version: 1.21

Type: remote

Agent: windows

Family: Windows

Published: 12/18/2023

Updated: 11/12/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-29357

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sharepoint_server

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/12/2023

Vulnerability Publication Date: 6/12/2023

CISA Known Exploited Vulnerability Due Dates: 1/31/2024

Exploitable With

Metasploit (Sharepoint Dynamic Proxy Generator Unauth RCE)

Reference Information

CVE: CVE-2023-29357

IAVA: 2023-A-0297-S

MSFT: MS23-5002402

MSKB: 5002402

ZDI: ZDI-23-882