January 12, 2024: CISA has issued a warning for a known flaw in Microsoft SharePoint that is being actively exploited in the wild. The vulnerability is a privilege escalation flaw that could lead to an attacker gaining administrator privileges.
The vulnerability, CVE-2023-29357, carries a CVSS (Common Vulnerability Scoring System) score of 9.8/10.
An attacker who is able to gain access to spoofed JWT authentication tokens can use them to execute a network attack that bypasses authentication and allows the attacker to gain the privileges of an authenticated user. The attacker does not need any privileges, and the user does not need to be tricked into taking any action for this to escalate.
The threat actors abusing this vulnerability have not yet been identified.
Federal agencies are recommended to apply the patches by January 31, 2024, to secure against the active threat.
Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
Applying known safe patches as soon as they are released is a critical part of any organization’s cyber posture, helping to keep potential threats and unauthorized users from entering the network and traversing it. Limiting privileges and segmenting the network are also recommended practices that restrict access to the rest of the network and its stored data in the event you suffer a breach.
SecuLore™ OverWatch provides continuous network monitoring through our patented Paladin technology to detect vulnerabilities in your network and detect anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of CEH (Certified Ethical Hackers).
Contact SecuLore for more information and to get started with a monitoring option that detects malicious traffic attempting to exploit vulnerabilities on your network.
Stay cyber-safe,
SecuLore Support Team