SRC-2022-0004 : Microsoft SharePoint Server SPWebRequest SafeCreate TOCTOU DNS Rebinding Security Feature Bypass Vulnerability
CVE ID: CVE-2022-21968
CVSS Score: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Vendors: Microsoft
Affected Products: SharePoint Server
Vulnerability Details: This vulnerability allows remote attackers to bypass IP access restrictions on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPWebRequest SafeCreate API. The issue results from a time-of-check to time-of-use (TOCTOU) condition when requesting IP addresses from DNS servers. An attacker can leverage this vulnerability to bypass IP restrictions when performing server-side request forgery attacks.
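The check-then-use gap described above, reduced to an added Python illustration (not SharePoint or Microsoft code, and not part of the advisory). The resolver class, deny list, host name and function names are constructed for the example: the racy function validates one DNS answer but connects using a second lookup, while the pinned function connects to the exact address it validated.

```python
import ipaddress

# Constructed deny list standing in for the server's IP restrictions.
DENIED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

class RebindingResolver:
    """Constructed stand-in for DNS with a zero TTL: each lookup returns the
    next answer in the list, then keeps repeating the last one."""
    def __init__(self, answers):
        self.answers = list(answers)
        self.lookups = 0

    def resolve(self, host):
        ip = self.answers[min(self.lookups, len(self.answers) - 1)]
        self.lookups += 1
        return ip

def is_allowed(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in DENIED)

def racy_target(host, resolver):
    """Check-then-use: validates one lookup, then connects by name, which
    triggers a second lookup whose answer was never validated."""
    if not is_allowed(resolver.resolve(host)):   # time of check
        raise PermissionError("destination address is restricted")
    return resolver.resolve(host)                # time of use

def pinned_target(host, resolver):
    """Resolve once, validate that answer, and hand the caller the same
    address to connect to (the name is sent only as Host header / SNI)."""
    ip = resolver.resolve(host)
    if not is_allowed(ip):
        raise PermissionError("destination address is restricted")
    return ip

def demo():
    answers = ["203.0.113.10", "10.0.0.5"]       # constructed sample answers
    racy = racy_target("name.example", RebindingResolver(answers))
    pinned = pinned_target("name.example", RebindingResolver(answers))
    return racy, pinned

if __name__ == "__main__":
    print(demo())
```

The pinned form only holds if the HTTP client is actually given the validated IP to connect to; handing the hostname back to the client re-resolves it and reopens the gap.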
Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21968
Disclosure Timeline:
- 2020-09-19 – Sent to Microsoft
- 2022-02-08 – Coordinated public release of advisory
Credit: This vulnerability was discovered by Yuhao Weng and Zhiniang Peng of Sangfor, and Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute