CVE-2023-36786: Skype for Business Remote Code Execution Vulnerability
How could an attacker exploit this vulnerability?
An attacker could exploit this path traversal vulnerability by leveraging the OcsPowershell endpoint within Skype for Business Server 2019 CU7 Hotfix 2 and Skype for Business Server 2015 CU13 Hotfix 1.
Exploitation of this vulnerability requires that the authenticated remote user be granted either the CsVoiceAdministrator or CsServerAdministrator role in order to create arbitrary files on the server.
This exploit would allow the attacker to execute arbitrary code on the server.