CVE-2024-38094

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS 7.2 HIGH | EPSS 55.3% | KEV | CWE-502
Vexday Risk Score
63 (High priority)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.2 | EPSS 55.3% | KEV: yes | PoC | Nuclei | Metasploit | Patch referenced
Lifecycle
09 Jul 2024: Published on NVD
22 Oct 2024: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A vulnerability in Microsoft SharePoint allows attackers to execute arbitrary code on the server. An attacker with access to SharePoint can exploit unsafe deserialization to run malicious commands with the same privileges as the SharePoint service.

Technical detail

CWE-502 (Deserialization of Untrusted Data) allows unauthenticated or low-privileged attackers to achieve remote code execution via crafted serialized objects. The vulnerability requires network access to a vulnerable SharePoint instance and results in code execution within the SharePoint process context (CVSS 7.2).

Summary generated and translated by AI from the official description.
Microsoft SharePoint Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
