PT-2023-30778 · Microsoft · Azure RTOS NetX Duo
Rkolandaivel · Published 2023-12-04 · Updated 2023-12-08
CVE-2023-48316
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Azure RTOS NetX Duo versions 6.2.1 and below
Description
The issue affects Azure RTOS NetX Duo, a TCP/IP network stack for deeply embedded real-time and IoT applications. Memory overflow vulnerabilities allow an attacker to achieve remote code execution. The affected components include processes/functions related to SNMP, SMTP, FTP, and DTLS.
Recommendations
For Azure RTOS NetX Duo versions 6.2.1 and below, upgrade to NetX Duo release 6.3.0 to resolve the issue. As a temporary workaround, consider disabling the affected components, such as SNMP, SMTP, FTP, and DTLS, until the upgrade is applied.
Exploit
Fix
Memory Corruption
Affected Products
Azure RTOS NetX Duo