[German]Security researchers have now published a proof of concept (PoC) for the Remote Code Execution (RCE) vulnerability in the web part CVE-2020-1181. Since patches are available, administrators should take action.
Advertising
SharePoint: The RCE Vulnerability CVE-2020-1181
Microsoft SharePoint Server is vulnerable to a CVE-2020-1181 RCE vulnerability when unsecure ASP.Net Web controls are not properly identified and filtered. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.
To exploit the vulnerability, an authenticated user must create and view a specially crafted page in an affected version of Microsoft SharePoint Server.
Security updates are available
In a support article about the RCE vulnerability CVE-2020-1181 , Microsoft states that the vulnerability is unlikely to be exploited in older software versions. In the article, Microsoft provides the following security updates for Microsoft SharePoint Server.
- Microsoft SharePoint Enterprise Server 2016: KB4484402
- Microsoft SharePoint Foundation 2010 Service Pack 2: KB4484391
- Microsoft SharePoint Foundation 2013 Service Pack 1: KB4484409
- Microsoft SharePoint Server 2019: KB4484400
The vulnerability CVE-2020-1181 in SharePoint has been closed by Microsoft on June 9, 2020 (patchday).
Proof of Concept (PoC) for CVE-2020-1181
However, administrators should act now and install the updates promptly. These days I came across the following tweet from Nicolas Karassas.
Advertising
CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts – includes step-by-step Proof of Concepthttps://t.co/1ydBxQN93W
— Nicolas Krassas (@Dinosn) June 18, 2020
The Zero Day Initiative (ZDI) published this document on June 17, 2020, which deals with the vulnerability and its exploitation. A Proof of Concept (PoC) is available.
Advertising