Rewterz Threat Advisory – Multiple Microsoft SharePoint Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-33170 CVSS:8.1

Microsoft SharePoint Server could allow a remote attacker to bypass security restrictions. By winning a race condition, an attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality, integrity and Availability.

CVE-2023-33160 CVSS:8.8

Microsoft SharePoint Server could allow a remote authenticated attacker to execute arbitrary code on the system. An attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-33159 CVSS:8.8

Microsoft SharePoint Server could allow a remote attacker to conduct spoofing attacks.

CVE-2023-33157 CVSS:8.8

Microsoft SharePoint could allow a remote authenticated attacker to execute arbitrary code on the system. An attacker could exploit this vulnerability to execute arbitrary code on the SharePoint Server.

CVE-2023-33134 CVSS:8.8

Microsoft SharePoint Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

• Code Execution
• Security Bypass
• Gain Access

Indicators Of Compromise

CVE

• CVE-2023-33170
• CVE-2023-33160
• CVE-2023-33159
• CVE-2023-33157
• CVE-2023-33134

Affected Vendors

Microsoft

Affected Products

• Microsoft .NET 6.0
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2023-33170

CVE-2023-33160

CVE-2023-33159

CVE-2023-33157

CVE-2023-33134