SharePoint: PoC for RCE Vulnerability CVE-2020-1181

[German]Security researchers have now published a proof of concept (PoC) for the Remote Code Execution (RCE) vulnerability in the web part CVE-2020-1181. Since patches are available, administrators should take action.


Advertising

SharePoint: The RCE Vulnerability CVE-2020-1181

Microsoft SharePoint Server is vulnerable to a CVE-2020-1181 RCE vulnerability when unsecure ASP.Net Web controls are not properly identified and filtered. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.

To exploit the vulnerability, an authenticated user must create and view a specially crafted page in an affected version of Microsoft SharePoint Server.

Security updates are available

In a support article about the RCE vulnerability CVE-2020-1181 , Microsoft states that the vulnerability is unlikely to be exploited in older software versions. In the article, Microsoft provides the following security updates for Microsoft SharePoint Server.

  • Microsoft SharePoint Enterprise Server 2016: KB4484402
  • Microsoft SharePoint Foundation 2010 Service Pack 2: KB4484391
  • Microsoft SharePoint Foundation 2013 Service Pack 1: KB4484409
  • Microsoft SharePoint Server 2019: KB4484400

The vulnerability CVE-2020-1181 in SharePoint has been closed by Microsoft on June 9, 2020 (patchday).

Proof of Concept (PoC) for CVE-2020-1181

However, administrators should act now and install the updates promptly. These days I came across the following tweet from Nicolas Karassas.


Advertising

The Zero Day Initiative (ZDI) published this document on June 17, 2020, which deals with the vulnerability and its exploitation. A Proof of Concept (PoC) is available.


Advertising

This entry was posted in Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).