CVE-2017-11786

CVE Database · CVE-2017-11786

CVE-2017-11786

· N/AModified

CVSS v3.1

N/A

EPSS

9.39%

Published

Oct 13, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."

Weaknesses (CWE)

CWE-294

Affected Products (2)

microsoft · lyncvulnerable

microsoft · skype_for_businessvulnerable

References (6)

http://www.securityfocus.com/bid/101156

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039530

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786

PatchVendor Advisory

http://www.securityfocus.com/bid/101156

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039530

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786

KEV Catalog EPSS Scores Vendors All CVEs