CVE-2023-41763

Warnung

EPSS 13.69%
Veröffentlicht 10.10.2023 18:15:18
Zuletzt bearbeitet 29.11.2024 14:36:59
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Skype for Business Elevation of Privilege Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Skype For Business Server Version2015 Updatecumulative_update_13

Microsoft ≫ Skype For Business Server Version2019 Updatecumulative_update_7

10.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Skype for Business Privilege Escalation Vulnerability

Schwachstelle

Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.69%	0.94

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-41763

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-41763

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-41763

EUVD