CVE-2018-8238
Description
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka Skype for Business and Lync Security Feature Bypass Vulnerability. This affects Skype, Microsoft Lync.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
5.339
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Skype for Business and Lync Security Feature Bypass Vulnerability for Skype for Business 2016 (KB4022221) 64-Bit Edition | Windows |
| Skype for Business and Lync Security Feature Bypass Vulnerability for Skype for Business 2016 (KB4022221) 32-Bit Edition | Windows |
| Skype for Business and Lync Security Feature Bypass Vulnerability for Skype for Business 2015 (KB4022225) 64-Bit Edition | Windows |
| Skype for Business and Lync Security Feature Bypass Vulnerability for Skype for Business 2015 (KB4022225) 32-Bit Edition | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-24877 | Security Update for Skype for Business 2016 (KB4022221) 64-Bit Edition |
| PATCH-24876 | Security Update for Skype for Business 2016 (KB4022221) 32-Bit Edition |
| PATCH-24869 | Security Update for Skype for Business 2015 (KB4022225) 64-Bit Edition |
| PATCH-24868 | Security Update for Skype for Business 2015 (KB4022225) 32-Bit Edition |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234