Vulnerability Description
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Lync | 2013 |
| Microsoft | Skype For Business | 2016 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101156 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1039530 (Third Party Advisory, VDB Entry)
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1178 (Patch, Vendor Advisory)
FAQ
What is CVE-2017-11786?
CVE-2017-11786 is a vulnerability with a CVSS score of 8.8 (HIGH). Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authent...
How severe is CVE-2017-11786?
CVE-2017-11786 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-11786?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Lync, Microsoft Skype For Business.