CVE-2023-41763

Warning

EPSS 13.69%
Published 10.10.2023 18:15:18
Last modified 29.11.2024 14:36:59
Source secure@microsoft.com
Teams watchlist Login
Open Login

Skype for Business Elevation of Privilege Vulnerability

Affected products Warnungen 1 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Skype For Business Server Version2015 Updatecumulative_update_13

Microsoft ≫ Skype For Business Server Version2019 Updatecumulative_update_7

10.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Skype for Business Privilege Escalation Vulnerability

Vulnerability

Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.69%	0.94

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secure@microsoft.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-41763

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-41763

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-41763

EUVD