Main Vulnerability Database Vulnerabilities #VU81729

#VU81729 Information disclosure in Skype for Business Server - CVE-2023-41763

Published: October 10, 2023

Vulnerability identifier: #VU81729

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2023-41763

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Skype for Business Server

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to IP addresses or port numbers or both to the attacker.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41763

#VU81729 Information disclosure in Skype for Business Server - CVE-2023-41763

Description

Remediation

External links

Please verify you're human