CVE-2017-11786
Last modified
CVE-2017-11786 is a vulnerability of currently unknown severity. Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability.". EPSS estimates a 9.39% chance of exploitation in the next 30 days.
Description
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Lync | 2013 | Sp1 |
| Microsoft | Skype For Business | 2016 | — |
References
- http://www.securityfocus.com/bid/101156Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039530Third Party Advisory, VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786Patch, Vendor Advisory
- http://www.securityfocus.com/bid/101156Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039530Third Party Advisory, VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-11786?
How severe is CVE-2017-11786?
How do I fix CVE-2017-11786?
Are you affected by CVE-2017-11786?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST