CVE-2019-0622

low-risk

Published 2019-01-08

An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.

Do I need to act?

0.48% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.6/10 Medium

PHYSICAL / LOW complexity

Affected Products (1)

Skype

Affected Vendors

Microsoft

References (4)

Third Party Advisory http://www.securityfocus.com/bid/106465

Vendor Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0622

Third Party Advisory http://www.securityfocus.com/bid/106465

Vendor Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0622

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal