CVE-2021-24099

4 documents4 sources

Severity

6.5MEDIUM

EPSS

6.3%

top 9.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

5

Microsoft Microsoft Lync Server 2013 Microsoft Skype FOR Business Server 2015 CU 8 Microsoft Skype FOR Business Server 2019 CU2 +2 more

Timeline

PublishedFeb 25

Latest updateMay 24

Description

Skype for Business and Lync Denial of Service Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5microsoft/skype_for_business_server_2019_cu27.0.0 — publication

▶CVEListV5microsoft/skype_for_business_server_2015_cu_82015 CU 8 — publication

▶CVEListV5microsoft/microsoft_lync_server_2013< publication

▶NVDmicrosoft/skype2015, 2019+1

▶NVDmicrosoft/lync_server2013

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-gr3f-8f43-4w8g: Skype for Business and Lync Denial of Service Vulnerability↗2022-05-24

▶

CVEList

Skype for Business and Lync Denial of Service Vulnerability↗2021-02-25

▶

📋Vendor Advisories

1

Microsoft

Skype for Business and Lync Denial of Service Vulnerability↗2021-02-09

▶

CVE-2021-24099 (MEDIUM CVSS 6.5) | Skype for Business and Lync Denial | cvebase.io