CVE-2017-11786

HIGH

Microsoft Lync/Skype for Business - Privilege Escalation

Title source: llm

Description

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101156

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039530

Scores

CVSS v3 8.8

EPSS 0.1149

EPSS Percentile 93.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-294

Status published

Products (3)

microsoft/lync 2013 sp1

microsoft/skype_for_business 2016

Microsoft Corporation/Skype for Business Microsoft Lync 2013 SP1 and Skype for Business 2016

Published Oct 13, 2017

Tracked Since Feb 18, 2026