CVE-2014-4068

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUM

EPSS

31.1%

top 3.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Lync Server

Timeline

PublishedSep 10

Latest updateMay 14

Description

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/lync_server2010, 2013+1

🔴Vulnerability Details

GHSA

GHSA-777p-5mff-5cpm: The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which↗2022-05-14

▶

CVEList

CVE-2014-4068: The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which↗2014-09-10

▶