CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-11786

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.088

EPSS Ranking 92.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.3

References

http://www.securityfocus.com/bid/101156
http://www.securitytracker.com/id/1039530
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786
http://www.securityfocus.com/bid/101156
http://www.securitytracker.com/id/1039530
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786

Products affected by CVE-2017-11786

Microsoft » Lync » Version: 2013

cpe:2.3:a:microsoft:lync:2013
Microsoft » Skype For Business » Version: 2016

cpe:2.3:a:microsoft:skype_for_business:2016

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11786

Products

Pricing

Contact Us