CVE-2014-4068

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx
http://www.securityfocus.com/bid/69586
http://www.securitytracker.com/id/1030821
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055
https://exchange.xforce.ibmcloud.com/vulnerabilities/95544

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:lync_server:2010:::::::*
	cpe:2.3:a:microsoft:lync_server:2013:::::::*

History

No history.

Information

Published : 2014-09-10 01:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-4068

Mitre link : CVE-2014-4068

CVE.ORG link : CVE-2014-4068

JSON object : View

Products Affected

microsoft

lync_server

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2014-4068", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-09-10T01:55:09.513", "references": [{"url": "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/69586", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1030821", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95544", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka \"Lync Denial of Service Vulnerability.\""}, {"lang": "es", "value": "Response Group Service en Microsoft Lync Server 2010 y 2013 y Core Components en Lync Server 2013 no manejan debidamente las excepciones, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del demonio) a trav\u00e9s de una llamada manipulada, tambi\u00e9n conocido como 'vulnerabilidad de denegaci\u00f3n de servicio de Lync.'"}], "lastModified": "2018-10-12T22:06:57.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:lync_server:2010:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65EC32EA-FF6E-47A3-8B9C-3482733627B9"}, {"criteria": "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "677D4F3D-1374-4F6F-B69E-7F9F507D18A4"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}