Attacker Value

Moderate

CVE-2020-1295 Microsoft SharePoint Elevation of Privilege Vulnerability

Attacker Value

Moderate

(1 user assessed)

Exploitability

Very Low

(1 user assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2020-1295 Microsoft SharePoint Elevation of Privilege Vulnerability

Last updated June 09, 2020

CVE-2020-1295

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server.

To exploit this vulnerability, an authenticated attacker would send a specially crafted request to an affected server, thereby allowing the impersonation of another SharePoint user.

The security update addresses the vulnerability by correcting how Microsoft SharePoint sanitizes user input.

Add Assessment

busterb (317)

June 09, 2020 11:43pm UTC (4 years ago)•Edited 4 years ago

Ratings

Attacker Value

Medium

Exploitability

Very Low

Common in enterprise Easy to weaponize Gives privileged access Vulnerable in default configuration

Technical Analysis

Sure it’s an authenticated vuln, but being able to just switch user accounts sounds like a fun way to cause havoc, especially for long-term persistence type scenarios. Though I guess the average pentest is all about just getting the actual credentials in the first place, but this might be useful for real APT scenarios, especially since it affects the last three major releases.

Don’t know much details of the actual ‘specially crafted request’, so it’s hard to say exactly how exploitable this would be, and you do need creds in the first place. Probably nifty for insider jobs.

References

Canonical

CVE-2020-1295 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1295)

Miscellaneous

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1295

Rapid7

Moderate