CVE-2023-29357

CVE Published	2023-06-14
Related CWE(s)	CWE-303: Incorrect Implementation of Authentication Algorithm
Related Vendor(s)	microsoft
Related Product(s)	sharepoint_server
Exploitation Reported (CISA KEV)	2024-01-10
CVSS 3 Base Score	9.8 (CRITICAL)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	NETWORK

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

Reflection Attack in Authentication Protocol (CAPEC-90)

An adversary can abuse an authentication protocol susceptible to reflection attack in order to defeat it. Doing so allows the adversary illegitimate access to the target system, without possessing the requisite credentials. Reflection attacks are of great concern to authentication protocols that rely on a challenge-handshake or similar mechanism. An adversary can impersonate a legitimate user and can gain illegitimate access to the system by successfully mounting a reflection attack during authentication.

References

CVE.org

View more information about CVE-2023-29357 on the official MITRE CVE website.

NIST National Vulnerability Database

CVE-2023-29357 on the NIST NVD.

CISA Known Exploited Vulnerabilities