Описание
Microsoft Teams Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?
An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Teams for iOS | ||
| Microsoft Teams for Android | ||
| Microsoft Teams for Desktop |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
3.1 Low
CVSS3
Связанные уязвимости
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
Уязвимость корпоративной платформы Microsoft Teams, связанная с некорректной обработкой недостаточных разрешений или привилегий, позволяющая нарушителю повысить свои привилегии
EPSS
3.1 Low
CVSS3