CVE-2023-36780

FAQ

How could an attacker exploit this vulnerability?

To exploit this input validation vulnerability, an attacker would need access to an authenticated user account holding CsHelpDesk administrative privileges, hosting a malicious C++/CLI assembly in the shared directory.

The attacker would also need to create a remote PowerShell session in order to run the insecure Get-Help cmdlet at server context.

This exploit would allow the attacker to gain remote code execution on the Skype for Business Server backend.

According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires the attacker or targeted user to be granted an administrative role in the Skype for Business Control Panel.

To help retain security and role-based access control integrity, add users to the groups that define what role the user performs in management of the Skype for Business Server deployment.

If I’m running PowerShell, how am I exposed to this vulnerability?

The vulnerability exists in PowerShell when exposed through Microsoft Exchange or Skype. This occurs when someone creates a custom endpoint, called restricted remoting, that exposes the "GetHelp" command without a proxy that validates the input.