CVE-2023-24955
HIGH KEV RANSOMWARE
Microsoft Sharepoint Enterprise Server - Code Injection
Title source: ruleDescription
Microsoft SharePoint Server Remote Code Execution Vulnerability
Exploits (3)
nomisec
WORKING POC
13 stars
by former-farmer · remote-auth
https://github.com/former-farmer/CVE-2023-24955-PoC
metasploit
WORKING POC
EXCELLENT
by Jang, jheysel-r7 · ruby poc win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sharepoint_dynamic_proxy_generator_auth_bypass_rce.rb
Scores
CVSS v3: 7.2
EPSS: 0.9168
EPSS Percentile: 99.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV: 2024-03-26
VulnCheck KEV: 2024-03-26
InTheWild.io: 2024-03-26
ENISA EUVD: EUVD-2023-28942
Ransomware Use: Confirmed
CWE: CWE-94
Status: published
Products (3)
microsoft/sharepoint_enterprise_server
2016
microsoft/sharepoint_server
microsoft/sharepoint_server
2019
Published: May 09, 2023
KEV Added: Mar 26, 2024
Tracked Since: Feb 18, 2026