PT-2023-30778 · Microsoft · Azure Rtos Netx Duo

Rkolandaivel

Publicado

2023-12-04

Atualizado

2023-12-08

CVE-2023-48316

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Azure RTOS NetX Duo versions 6.2.1 and below

Description The issue affects Azure RTOS NetX Duo, a TCP/IP network stack for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities. The affected components include processes/functions related to snmp, smtp, ftp, and dtls.

Recommendations For Azure RTOS NetX Duo versions 6.2.1 and below, upgrade to NetX Duo release 6.3.0 to resolve the issue. As a temporary workaround, consider disabling the affected components, such as snmp, smtp, ftp, and dtls, until the upgrade is applied.

Exploit

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-825

Identificadores relacionados

CVE-2023-48316

GHSA-3CMF-R288-XHWQ

Produtos afetados

Azure Rtos Netx Duo

PT-2023-30778 · Microsoft · Azure Rtos Netx Duo

CVE-2023-48316

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6