CVE-2017-11786

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Skype For Business
Vendor: CVE Published:; 10 October 2017

Summary

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."

Affected Version(s)

Skype for Business Microsoft Lync 2013 SP1 and Skype for Business 2016

References

http://www.securityfocus.com/bid/101156

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1039530

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2017
Vulnerability Reserved
Jul 31, 2017

Collectors

NVD DatabaseMitre Database

.