Login Sign Up

CVE-2024-49068

8.2 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers to elevate their privileges within Microsoft SharePoint, potentially gaining administrative access. It affects organizations running vulnerable SharePoint Server versions. Attackers must already have authenticated access to exploit this flaw.

💻 Affected Systems

Products:
  • Microsoft SharePoint Server
Versions: Specific versions will be detailed in Microsoft's advisory
Operating Systems: Windows Server
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SharePoint Server installation with default or vulnerable configurations

📦 What is this software?

Sharepoint Server by Microsoft

View all CVEs affecting Sharepoint Server →

Sharepoint Server by Microsoft

View all CVEs affecting Sharepoint Server →

Sharepoint Server by Microsoft

View all CVEs affecting Sharepoint Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker gains full administrative control over SharePoint, allowing data theft, manipulation, or complete system compromise.

🟠

Likely Case

Attackers with standard user accounts escalate to administrative privileges, enabling unauthorized access to sensitive documents and configuration changes.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized privilege escalation within the attacker's existing authenticated scope.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and knowledge of SharePoint internals

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft's monthly security updates for SharePoint Server

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49068

Restart Required: Yes

Instructions:

1. Review Microsoft's security advisory 2. Apply the latest security update for SharePoint Server 3. Restart SharePoint services 4. Test functionality

🔧 Temporary Workarounds

Restrict User Permissions

windows

Tighten SharePoint user permissions to minimum required levels

Enable Auditing

windows

Enable detailed SharePoint auditing to detect privilege escalation attempts

🧯 If You Can't Patch

  • Implement strict access controls and principle of least privilege
  • Monitor SharePoint logs for unusual privilege changes or administrative actions

🔍 How to Verify

Check if Vulnerable:

Check SharePoint Server version against Microsoft's security advisory

Check Version:

Get-SPFarm | Select BuildVersion

Verify Fix Applied:

Verify SharePoint Server version is updated beyond vulnerable versions

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events
  • Administrative actions from non-admin accounts
  • SharePoint ULS log anomalies

Network Indicators:

  • Unexpected authentication patterns to SharePoint administrative endpoints

SIEM Query:

source="SharePoint" AND (event_id="privilege" OR event_id="elevation" OR user_role_change="true")

📊 Metadata

CVE ID: CVE-2024-49068
CVSS v3 Score: 8.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE: CWE-284
Published: December 12, 2024
Last Updated: January 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-49068, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)