Lucene search

[email protected]CVE-2014-4068

HistorySep 10, 2014 - 1:55 a.m.

CVE-2014-4068

2014-09-1001:55:09

CWE-20

[email protected]

web.nvd.nist.gov

cve-2014-4068

microsoft

lync server

denial of service

vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka “Lync Denial of Service Vulnerability.”

Affected configurations

NVD

Node

microsoftlync_serverMatch2010

microsoftlync_serverMatch2013

CPENameOperatorVersion
microsoft:lync_servermicrosoft lync servereq2010
microsoft:lync_servermicrosoft lync servereq2013

CPE	Name	Operator	Version
microsoft:lync_server	microsoft lync server	eq	2010
microsoft:lync_server	microsoft lync server	eq	2013

References

blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx

www.securityfocus.com/bid/69586

www.securitytracker.com/id/1030821

docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055

exchange.xforce.ibmcloud.com/vulnerabilities/95544

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

Related for CVE-2014-4068

prion1 nvd1 cvelist1 symantec1 openvas1 securityvulns1 nessus1 kaspersky1