CVE-2017-11786
Description
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka Skype for Business Elevation of Privilege Vulnerability.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
11.493
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Skype for Business Elevation of Privilege Vulnerability for Skype for Business 2016 (KB4011159) 64-Bit Edition | Windows |
| Skype for Business Elevation of Privilege Vulnerability for Skype for Business 2016 (KB4011159) 32-Bit Edition | Windows |
| Skype for Business Elevation of Privilege Vulnerability for Skype for Business 2015 (KB4011179) 64-Bit Edition | Windows |
| Skype for Business Elevation of Privilege Vulnerability for Skype for Business 2015 (KB4011179) 32-Bit Edition | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-23332 | Security Update for Skype for Business 2016 (KB4011159) 64-Bit Edition |
| PATCH-23331 | Security Update for Skype for Business 2016 (KB4011159) 32-Bit Edition |
| PATCH-23338 | Security Update for Skype for Business 2015 (KB4011179) 64-Bit Edition |
| PATCH-23337 | Security Update for Skype for Business 2015 (KB4011179) 32-Bit Edition |