CVE-2014-4068

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx
http://www.securitytracker.com/id/1030821
http://www.securityfocus.com/bid/69586
https://exchange.xforce.ibmcloud.com/vulnerabilities/95544
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:lync_server:2010:::::::*
	cpe:2.3:a:microsoft:lync_server:2013:::::::*

Information

Published : 2014-09-09 18:55

Updated : 2018-10-12 15:06

NVD link : CVE-2014-4068

Mitre link : CVE-2014-4068

JSON object : View

CWE

CWE-20

Improper Input Validation

Advertisement

Products Affected

microsoft

lync_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx", "name": "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1030821", "name": "1030821", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/69586", "name": "69586", "tags": [], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95544", "name": "ms-lync-cve20144068-dos(95544)", "tags": [], "refsource": "XF"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055", "name": "MS14-055", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka \"Lync Denial of Service Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-4068", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-09-10T01:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:lync_server:2010:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T22:06Z"}