Lucene search

K
cvelistMicrosoftCVELIST:CVE-2017-11786
HistoryOct 10, 2017 - 12:00 a.m.

CVE-2017-11786

2017-10-1000:00:00
microsoft
www.cve.org

8.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka “Skype for Business Elevation of Privilege Vulnerability.”

CNA Affected

[
  {
    "product": "Skype for Business",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Lync 2013 SP1 and Skype for Business 2016"
      }
    ]
  }
]

8.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%