Detections
Analytics

CVE-2023-29357

critical

Description

Microsoft SharePoint Server Elevation of Privilege Vulnerability

From the Tenable Blog

CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities
CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities

Published: 2023-09-27

A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution.

Microsoft’s June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)
Microsoft’s June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)

Published: 2023-06-13

Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357

https://www.ic3.gov/Media/News/2024/241010.pdf

https://isc.sans.edu/diary/rss/30436

https://www.tenable.com/blog/microsofts-january-2024-patch-tuesday-addresses-48-cves-cve-2024-20674

https://www.tenable.com/blog/cve-2023-29357-cve-2023-24955-exploit-chain-released-for-microsoft-sharepoint-server

https://www.tenable.com/blog/microsofts-june-2023-patch-tuesday-addresses-70-cves-cve-2023-29357

Details

Source: Mitre, NVD

Published: 2023-06-14

Updated: 2025-03-10

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.94356