CVE-2023-41763 Scanner - Server-Side-Request-Forgery vulnerability in Skype for Business
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 10 days 3 hours
Scan only one: Domain, IPv4
Toolbox: -
Skype for Business is utilized by organizations to facilitate internal and external communication through instant messaging, voice, video calls, and online meetings. It enables seamless connectivity across various devices, offering integration with other Microsoft Office applications. Businesses primarily use Skype for Business for its comprehensive communication features, which include file transfers and whiteboard sessions. Many enterprises leverage this platform for its ability to support scalable communication solutions that align with corporate protocols. Skype for Business is a preferable choice due to its extensive security features, making it suitable for both small businesses and large enterprises. It is crucial for maintaining consistent and secure real-time communications within global organizations.
The Server-Side-Request-Forgery (SSRF) vulnerability allows an attacker to induce the server-side application to make HTTP requests to an unintended destination. This specific SSRF vulnerability, identified in Skype for Business 2019 with a medium CVSS score, permits external attackers to manipulate server actions. By exploiting this flaw, attackers can potentially bypass network defenses, leading to unauthorized network access or data disclosure. SSRF vulnerabilities are particularly dangerous since they can act as a stepping stone to gain further access to internal networks or sensitive data. In this vulnerability, malicious actors could create requests that the server would unwittingly execute on their behalf. Such vulnerabilities often arise from applications trusting unverified external input.
The vulnerability stems from a lack of proper input validation on the server side, where the server indiscriminately processes crafted URLs. Specifically, it lies in the improper handling of base64-encoded inputs at the endpoint '/lwa/Webpages/LwaClient.aspx'. Utilizing the provided templates, an attacker can send a crafted payload disguised within legitimate requests to the server. When the server processes these maliciously crafted requests, it issues internal network requests as directed by the attacker. Authentication is lax, allowing attackers to pivot from SSRF to potential further exploits depending on service configurations. The exploitation does not require prior authorization, which expands its applicability and threat footprint in a network environment.
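For asset owners reviewing their own front-end logs, the following added example (not part of the scanner or of the original page) flags requests to this endpoint whose parameters base64-decode to a URL. It assumes IIS W3C logs with the field order shown and that the encoded value arrives in the query string; the parameter name `p`, the addresses and the log lines are constructed.

```python
import base64
import ipaddress
from urllib.parse import unquote, urlsplit

LWA = "/lwa/Webpages/LwaClient.aspx"  # endpoint named on this page

def _row(ip, path, url):  # constructed W3C row; "p" is a placeholder parameter name
    return f"2023-10-12 09:14:09 {ip} GET {path} p={base64.b64encode(url.encode()).decode()} 200"

SAMPLE_LOG = "\n".join([  # constructed sample input
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2023-10-12 09:14:02 198.51.100.7 GET " + LWA + " p=plain 200",
    _row("203.0.113.45", LWA, "http://10.0.0.5:8080/status"),
    _row("203.0.113.45", LWA, "https://canary.example/ping"),
    _row("198.51.100.7", "/other/page.aspx", "http://10.0.0.5/"),
])

def decode_url(value):
    """Return the http(s) URL a query value base64-decodes to, else None."""
    try:
        text = base64.b64decode(value + "=" * (-len(value) % 4), validate=True).decode("utf-8")
        parts = urlsplit(text)
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return None
    return text if parts.scheme in ("http", "https") and parts.hostname else None

def classify(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # a name must be resolved before it can be bucketed
    return "internal-ip" if ip.is_private or ip.is_loopback or ip.is_link_local else "public-ip"

def scan(log_text):
    """Return (client IP, decoded URL, class) for URL-bearing parameters sent to LWA."""
    findings, fields = [], []
    for line in log_text.splitlines():
        if line.startswith("#"):
            fields = line.split()[1:] if line.startswith("#Fields:") else fields
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != LWA.lower():
            continue
        for pair in row.get("cs-uri-query", "").split("&"):
            if url := decode_url(unquote(pair.partition("=")[2])):
                findings.append((row.get("c-ip"), url, classify(urlsplit(url).hostname)))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Any hit deserves review; an `internal-ip` class means the decoded target is a private, loopback or link-local address that an outside client has no reason to reference.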
Exploiting this SSRF vulnerability can potentially lead to unauthorized actions taking place within the internal network, resulting in data exfiltration or server manipulation. Attackers could leverage such vulnerabilities to enumerate services and access internally facing endpoints. Furthermore, data theft or service disruption might occur if compounded with other vulnerabilities. It could lead to the bypassing of security controls designed to protect sensitive information, or even to the launch of further exploits. This vulnerability matters because it can form part of multi-stage attacks in which attackers conduct preliminary reconnaissance. Additionally, it may provide a gateway for launching complex attacks, including internal DoS or unauthorized data manipulation campaigns.