PT-2023-30905 · Microsoft · Azure Rtos Usbx
Published: 2023-12-04 · Updated: 2025-10-27
CVE-2023-48696
CVSS v3.1: 6.7 (Medium)
| Vector | AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Azure RTOS USBX versions 6.2.1 and below
Description
An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include host class components related to CDC ACM.
Recommendations
For Azure RTOS USBX versions 6.2.1 and below, upgrade to USBX release 6.3.0 to resolve the issue.
As a temporary workaround, consider restricting access to the host class components related to CDC ACM until the upgrade is applied.
Note that there are no known workarounds for this vulnerability, so upgrading to the fixed version is the recommended course of action.
Exploit
Fix
RCE
Improper Check for Exceptional Conditions
Related identifiers
Affected products
Azure Rtos Usbx