CVE-2023-41763

Skype for Business Elevation of Privilege Vulnerability

CVSS 5.3 MEDIUMEPSS 90.4%● KEVCWE-918

In short

Skype for Business has a vulnerability that allows an attacker to gain higher permissions on a system by exploiting improper privilege handling. This is dangerous because it could let someone access features or data they shouldn't be able to.

Technical detail

This elevation of privilege vulnerability (CWE-918) in Skype for Business arises from improper authorization checks, potentially allowing an authenticated local attacker to escalate privileges. The attack requires prior system access and successful exploitation results in unauthorized access to restricted functionality or system resources.

Summary generated and translated by AI from the official description.

Skype for Business Elevation of Privilege Vulnerability

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Affected products

Microsoft · Skype for Business Server 2015 CU13 Microsoft · Skype for Business Server 2019 CU7

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41763