CVE-2020-1295 Microsoft SharePoint Elevation of Privilege Vulnerability

2020-06-09T00:00:00
ID AKB:0CE94594-30DF-4C05-8440-42C4103287CE
Type attackerkb
Reporter AttackerKB
Modified 2020-06-09T00:00:00

Description

An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server.

To exploit this vulnerability, an authenticated attacker would send a specially crafted request to an affected server, thereby allowing the impersonation of another SharePoint user.

The security update addresses the vulnerability by correcting how Microsoft SharePoint sanitizes user input.

Recent assessments:

busterb at June 09, 2020 11:43pm UTC reported:

Sure it’s an authenticated vuln, but being able to just switch user accounts sounds like a fun way to cause havoc, especially for long-term persistence type scenarios. Though I guess the average pentest is all about just getting the actual credentials in the first place, but this might be useful for real APT scenarios, especially since it affects the last three major releases.

Don’t know many details of the actual ‘specially crafted request’, so it’s hard to say exactly how exploitable this would be, and you do need creds in the first place. Probably nifty for insider jobs.

Assessed Attacker Value: 3
Assessed Attacker Value: 1