CVE-2023-36789

CWE-94 — Code Injection5 documents5 sources

Severity

7.2HIGH

EPSS

0.7%

top 27.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

Microsoft Skype FOR Business Server 2015 Cu13 Microsoft Skype FOR Business Server 2019 CU7 Microsoft Skype FOR Business Server

Timeline

PublishedOct 10

Description

Skype for Business Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5microsoft/skype_for_business_server_2019_cu72046.0 — 7.0.246.530

▶CVEListV5microsoft/skype_for_business_server_2015_cu139319.0 — 6.0.9319.869

▶NVDmicrosoft/skype2015, 2019+1

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-4m7g-cm2c-xffg: Skype for Business Remote Code Execution Vulnerability↗2023-10-10

▶

CVEList

Skype for Business Remote Code Execution Vulnerability↗2023-10-10

▶

📋Vendor Advisories

1

Microsoft

Skype for Business Remote Code Execution Vulnerability↗2023-10-10

▶

CVE-2023-36789 (HIGH CVSS 7.2) | Skype for Business Remote Code Exec | cvebase.io