July 21, 2022 at 09:06AM

■■■■□ PT Swarm team has reproduced an Arbitrary File Read for an internal site of Skype for Business / MS Lync.

CVE: CVE-2022-26911
Subdomains: dialin, meet, lyncdiscover, sip, …

Original advisory: https://t.co/WaYc1zs9Hh

The PoC

https://twitter.com/ptswarm/status/1549744638193541122

https://t.me/cKure/11650