← back
CVE-2017-11786

CVE-2017-11786

EPSS 9.4%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 9.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Oct 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
Affected products
Microsoft Corporation · Skype for Business

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786http://www.securityfocus.com/bid/101156http://www.securitytracker.com/id/1039530