The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has escalated concerns over a significant Microsoft SharePoint vulnerability by adding it to its Known Exploited Vulnerabilities (KEV) catalog. The security flaw, identified as CVE-2024-38094, poses a serious risk to SharePoint Server installations and requires immediate attention from federal agencies and private organizations alike.
Understanding the Vulnerability
The vulnerability, which carries a CVSS v4 score of 7.2, primarily affects the SharePoint Server Search component through an input validation error. What makes this security flaw particularly concerning is that authenticated attackers with Site Owner permissions can exploit it to:
- Inject arbitrary code into the system
- Execute malicious code within the SharePoint Server context
- Potentially gain unauthorized control over the server
Federal Mandate and Timeline
Under Binding Operational Directive (BOD) 22-01, CISA has established a strict timeline for addressing this vulnerability:
- Federal Civilian Executive Branch (FCEB) agencies must implement fixes by November 12, 2024
- The directive aims to reduce significant risks associated with known exploited vulnerabilities
- Private organizations are strongly encouraged to follow similar remediation timelines
Technical Details
The vulnerability stems from improper input validation in the SharePoint Server Search component. Attackers can potentially exploit this flaw by:
- Sending specially crafted HTTP requests to vulnerable servers
- Leveraging Site Owner permissions to execute unauthorized code
- Compromising system integrity through code injection
Additional Security Developments
In related cybersecurity news, CISA has also added the ScienceLogic SL1 vulnerability to its KEV catalog. This separate security issue:
- Affects a third-party component within ScienceLogic SL1
- Has been patched in versions 12.1.3+, 12.2.3+, and 12.3+
- Includes backward-compatible fixes for versions dating to 10.1.x
Recent Impact and Response
The significance of addressing these vulnerabilities is highlighted by a recent security incident at Rackspace, reported on September 24, 2024. The cloud hosting provider experienced a breach through their ScienceLogic EM7 monitoring tool, resulting in:
- Exposure of low-sensitivity performance monitoring data
- Compromise of customer usernames and account information
- Access to encrypted internal credentials
Organizations are advised to review their SharePoint Server installations and apply necessary security updates promptly to prevent potential exploitation of these vulnerabilities.
