CVE-2023-24955: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2023-24955) is a critical security flaw that was patched in May 2023. The vulnerability allows an authenticated Site Owner to execute code on an affected SharePoint Server. This vulnerability has been assigned a CVSSv3 score of 7.2 HIGH (Microsoft MSRC). The vulnerability affects multiple versions of SharePoint Server including SharePoint Enterprise Server 2016, SharePoint Server Subscription Edition, and SharePoint Server 2019 (NVD).

CVE-2023-24955 is a code injection vulnerability that can be chained with CVE-2023-29357 (an authentication bypass vulnerability) to achieve unauthenticated remote code execution on affected SharePoint servers. The vulnerability was demonstrated at the Zero Day Initiative's Pwn2Own contest in Vancouver in March 2023. When exploited independently, CVE-2023-24955 requires authenticated access with Site Owner privileges to achieve code execution (Tenable).

When successfully exploited, this vulnerability allows attackers to execute arbitrary code on the affected SharePoint Server. The severity is heightened when chained with CVE-2023-29357, as it enables unauthenticated remote code execution, potentially giving attackers complete control over the vulnerable system (Tenable).

Microsoft has released security patches for this vulnerability as part of the May 2023 Patch Tuesday updates. Organizations are strongly advised to apply these patches as soon as possible to protect against potential exploitation. The vulnerability affects SharePoint Enterprise Server 2016, SharePoint Server Subscription Edition, and SharePoint Server 2019 (NVD).

The vulnerability gained significant attention after being successfully exploited during the Pwn2Own Vancouver 2023 contest by STAR Labs researcher Nguyễn Tiến Giang (Jang). The researcher spent nearly a year developing the exploit chain that combines this vulnerability with CVE-2023-29357 (Tenable).