CVE-2023-29357
Published: 14 June 2023
Summary
CVE-2023-29357 is a critical-severity Incorrect Implementation of Authentication Algorithm (CWE-303) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
Microsoft SharePoint Server is affected by an elevation of privilege vulnerability, CVE-2023-29357, that carries a CVSS 3.1 score of 9.8. The flaw permits unauthenticated network attackers to obtain full read, write, and execute rights on the server without any user interaction.
Remote, unauthenticated attackers can leverage the weakness to gain administrative control over SharePoint deployments, allowing them to access or modify sensitive content, alter configurations, or disrupt service availability.
Microsoft has issued remediation guidance through its Security Response Center, and the vulnerability is listed in CISA’s catalog of known exploited vulnerabilities, confirming active use in the wild.
The EPSS score of 0.9436 reflects consistently elevated exploitation likelihood since the June 2023 disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-32930
Vulnerability details
Microsoft SharePoint Server Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added
- 10 January 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of Microsoft-supplied patches that eliminate the SharePoint elevation-of-privilege flaw.
Enforces access-control decisions so that unauthenticated network requests cannot obtain elevated privileges on the SharePoint server.
Mandates identification and authentication of organizational users before any access is granted, blocking the unauthenticated attack vector.