Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-36786: Skype for Business Remote Code Execution Vulnerability

How could an attacker exploit this vulnerability?

An attacker could exploit this path traversal vulnerability by leveraging the OcsPowershell endpoint within Skype for Business Server 2019 CU7 Hotfix 2 and Skype for Business Server 2015 CU13 Hotfix 1.

Exploitation of this vulnerability requires the authenticated remote user be granted either the CsVoiceAdministrator or CsServerAdministrator role in order to create arbitrary files on the server.

This exploit would allow the attacker to execute arbitrary code on the server.

Microsoft Security Response Center
#vulnerability#rce#auth#Skype for Business#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-11395: Chromium: CVE-2024-11395 Type Confusion in V8