CVE-2018-8238 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Lync	2013
Microsoft	Skype For Business	2016

References

http://www.securityfocus.com/bid/104619Third Party AdvisoryVDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238PatchVendor Advisory
http://www.securityfocus.com/bid/104619Third Party AdvisoryVDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238PatchVendor Advisory

FAQ

What is CVE-2018-8238?

CVE-2018-8238 is a vulnerability with a CVSS score of 7.8 (HIGH). A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulner...

How severe is CVE-2018-8238?

CVE-2018-8238 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-8238?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Lync, Microsoft Skype For Business.