MSRC Skype for Business Server 2019 CU7 vulnerabilities

5 known vulnerabilities affecting msrc/skype_for_business_server_2019_cu7.

Total CVEs: 5
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2024-20695 | MEDIUM | CVSS 5.7 | 2024-02-13
CVE-2024-20695 [MEDIUM] CWE-284 Skype for Business Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this
msrc

CVE-2023-36786 | HIGH | CVSS 7.2 | 2023-10-10
CVE-2023-36786 [HIGH] CWE-36 Skype for Business Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this path traversal vulnerability by leveraging the OcsPowershell endpoint within Skype for Business Server 2019 CU7 Hotfix 2 and Skype for Business Server 2015 CU13 Hotfix 1. Exploitation of this vulnerability requires the authenticated remote user be granted either the CsVoice
msrc

CVE-2023-36789 | HIGH | CVSS 7.2 | 2023-10-10
CVE-2023-36789 [HIGH] CWE-94 Skype for Business Remote Code Execution Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\Network Service” account.
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability
msrc

CVE-2023-36780 | HIGH | CVSS 7.2 | 2023-10-10
CVE-2023-36780 [HIGH] CWE-426 Skype for Business Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability? To exploit this input validation vulnerability, an attacker would need access to an authenticated user account holding CsHelpDesk administrative privileges, hosting a malicious C++/CLI assembly in the shared directory. The attacker would also need to create a remote PowerShell session in order to run th
msrc

CVE-2023-41763 | MEDIUM | CVSS 5.3 | KEV | PoC | 2023-10-10
CVE-2023-41763 [MEDIUM] CWE-918 Skype for Business Elevation of Privilege Vulnerability
FAQ: How could an attacker exploit this vulnerability? An attacker could make a specially crafted network call to the target Skype for Business server, which could cause the parsing of an http request made to an arbitrary address. This could disclose IP addresses or port numbers or both to the attacker.
FAQ: According to the CVSS metrics, successful ex
msrc