CVE-2017-11786

HIGH

Microsoft Lync/Skype for Business - Privilege Escalation

Title source: llm

Description

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101156

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039530

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786

Scores

CVSS v3 8.8

EPSS 0.1149

EPSS Percentile 93.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-294

Status draft

Affected Products (2)

microsoft/lync

microsoft/skype_for_business

Timeline

Published Oct 13, 2017

Tracked Since Feb 18, 2026