CVE-2017-11786

Summary

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."

Affected Software

VendorProductVersion RangeStatus
Microsoft CorporationSkype for BusinessMicrosoft Lync 2013 SP1 and Skype for Business 2016affected

Weaknesses

  • Elevation of Privilege

ADP Enrichment

CVE Program Container

Additional References

References