CVE-2017-11786
Summary
| CVE | CVE-2017-11786 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-13 13:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability." |
Risk And Classification
Problem Types: CWE-294
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Lync | 2013 | sp1 | All | All |
| Application | Microsoft | Skype For Business | 2016 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Microsoft Skype for Business Lets Remote Authenticated Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Microsoft Skype for Business CVE-2017-11786 Privilege Escalation Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Microsoft vendor advisory (MSRC portal) | CONFIRM | portal.msrc.microsoft.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.