Описание
Skype for Business and Lync Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, privileges required is high (PR:H). What privileges are needed by the attacker and how are they used in the context of the remote code execution?
To successfully exploit this vulnerability, the attacker must have write access on the file share, and an active file share administrator account on the target server. With write access, the attacker would need to modify specific files on the target server to trigger code execution.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Lync Server 2013 CU10 | ||
| Skype for Business Server 2015 CU12 | ||
| Skype for Business Server 2019 CU6 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
7.2 High
CVSS3
Связанные уязвимости
Skype for Business and Lync Remote Code Execution Vulnerability
Skype for Business and Lync Remote Code Execution Vulnerability.
Уязвимость сервера корпоративных коммуникаций Skype for Business Server и Microsoft Lync Server, позволяющая нарушителю выполнить произвольный код
EPSS
7.2 High
CVSS3