PT-2023-30902 · Microsoft · Azure Rtos Threadx

Published

2023-12-04

Updated

2023-12-08

CVE-2023-48693

CVSS v3.1

8.7

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Azure RTOS ThreadX versions prior to 6.3.0

Description Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to a vulnerability in the parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation.

Recommendations For Azure RTOS ThreadX versions prior to 6.3.0, upgrade to ThreadX release 6.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameter checking mechanism until a patch is available. Avoid using the vulnerable components in Azure RTOS ThreadX until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2023-48693

GHSA-P7W6-62RQ-VRF9

Affected Products

Azure Rtos Threadx

PT-2023-30902 · Microsoft · Azure Rtos Threadx

CVE-2023-48693

Weakness Enumeration

Related Identifiers

Affected Products

References · 6