Elevation of Privilege Vulnerability in Skype for Business by Microsoft
CVE-2017-11786

8.8HIGH

Key Information:

Vendor
Microsoft
Status
Skype For Business
Vendor
CVE Published:
10 October 2017

Summary

An elevation of privilege vulnerability in Skype for Business and Microsoft Lync allows attackers to exploit improper handling of authentication requests to steal authentication hashes. This stolen authentication data could be reused to gain unauthorized access to other systems, posing significant risks to organizational security and data integrity.

Affected Version(s)

Skype for Business Microsoft Lync 2013 SP1 and Skype for Business 2016

References

http://www.securityfocus.com/bid/101156
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039530
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.