Cristian Pop

**Name of the Vulnerable Software and Affected Versions** Azure IoT CLI extension (affected versions not specified) **Description** The issue is related to errors in privilege management in the Azure IoT CLI interface. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure SDK for C (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability in the Azure SDK for C, which can be exploited by a remote attacker to impact the confidentiality and integrity of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure IoT Hub Device Client SDK (affected versions not specified) Azure IoT Edge (affected versions not specified) **Description** A remote code execution issue exists due to the way the Azure IoT Hub Device Client SDK accesses objects in memory. This can be exploited by a remote attacker to execute arbitrary code with the privileges of the current user by using a specially crafted message. **Recommendations** For Azure IoT Hub Device Client SDK, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Azure IoT Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure IoT Device Provisioning AMQP Transport library (affected versions not specified) **Description** A spoofing issue exists due to improper certificate validation over the AMQP protocol. This affects the C# SDK, C SDK, and Java SDK. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.