Multiple vulnerabilities in Microsoft SharePoint Server



Published: 2020-06-09 | Updated: 2020-06-10
Risk High
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2020-1181
CVE-2020-1178
CVE-2020-1148
CVE-2020-1295
CVE-2020-1289
CWE-ID CWE-20
CWE-918
CWE-451
CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Microsoft SharePoint Server
Server applications / Application servers

Microsoft SharePoint Foundation
Server applications / Application servers

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

Updated: 10.06.2020

Updated description and references sections for vulnerability #1.

1) Input validation error

EUVDB-ID: #VU28829

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1181

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to the Microsoft SharePoint Server fails to properly identify and filter unsafe ASP.Net web controls. A remote authenticated attacker can create a specially crafted page and upload an XML file containing an arbitrary Web Part definition, which may result in remote code execution n the context of the service account.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2016 - 2019

Microsoft SharePoint Foundation: 2010 Service Pack 2 - 2013

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181
http://www.zerodayinitiative.com/advisories/ZDI-20-694/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU28830

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1178

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to the Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. A remote attacker can send a specially crafted message and trick the application to initiate requests to arbitrary systems, leading to remote code execution with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2010 - 2019

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1178


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Spoofing attack

EUVDB-ID: #VU28831

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1148

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. A remote authenticated attacker can send a specially crafted request and spoof page content.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2010 - 2019

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1148


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU28832

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1295

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the Microsoft SharePoint does not properly impose security restrictions. A remote authenticated attacker can send a specially crafted request to an affected server, thereby allowing the impersonation of another SharePoint user. 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2013 - 2019

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1295


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Spoofing attack

EUVDB-ID: #VU28833

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1289

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. A remote authenticated attacker can send a specially crafted request and spoof page content.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SharePoint Foundation: 2010 Service Pack 2

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1289


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###