⚠ Actively exploited
Added to CISA KEV on 2023-10-10. Federal agencies required to patch by 2023-10-31. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2023-41763

CWE-918Server-Side Request Forgery (SSRF)12 documents11 sources
Severity
5.3MEDIUM
EPSS
19.2%
top 4.64%
CISA KEV
KEV
Added 2023-10-10
Due 2023-10-31
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Microsoft Skype FOR Business Server 2015 Cu13Microsoft Skype FOR Business Server 2019 CU7Microsoft Skype FOR Business Server
Timeline
PublishedOct 10
KEV addedOct 10
KEV dueOct 31
Latest updateFeb 22
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Skype for Business Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

CVEListV5microsoft/skype_for_business_server_2019_cu72046.07.0.246.530
CVEListV5microsoft/skype_for_business_server_2015_cu139319.06.0.9319.869
NVDmicrosoft/skype2015, 2019+1

Patches

Patch: msrc.microsoft.comPatch: msrc.microsoft.com

🔴Vulnerability Details

3
CVEList
Skype for Business Elevation of Privilege Vulnerability2023-10-10
GHSA
GHSA-7997-4r78-h34m: Skype for Business Elevation of Privilege Vulnerability2023-10-10
VulnCheck
Microsoft Skype for Business Privilege Escalation Vulnerability2023

💥Exploits & PoCs

1
Nuclei
Skype for Business 2019 (SfB) - Blind Server-side Request Forgery

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Possible Skype for Business SSRF Attempt (CVE-2023-41763)2023-10-11

📋Vendor Advisories

2
CISA
Microsoft Skype for Business Privilege Escalation Vulnerability2023-10-10
Microsoft
Skype for Business Elevation of Privilege Vulnerability2023-10-10

🕵️Threat Intelligence

2
Talos
Microsoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling Protocol2023-10-11
Talos
Microsoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling Protocol2023-10-11

💬Community

1
HackerOne
CVE-2023-41763 Business Elevation of Privilege vulnerability on [.mtn.com]2025-02-22
CVE-2023-41763 (MEDIUM CVSS 5.3) | Skype for Business Elevation of Pri | cvebase.io