PT-2023-30905 · Microsoft · Azure Rtos Usbx

Published 2023-12-04 · Updated 2025-10-27 · CVE-2023-48696

CVSS v3.1: 6.7 Medium

Vector: AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Azure RTOS USBX versions 6.2.1 and below

Description

Expired pointer dereference vulnerabilities in Azure RTOS USBX allow an attacker to cause remote code execution. The affected components are in the host class and relate to CDC ACM.

Recommendations

For Azure RTOS USBX versions 6.2.1 and below, upgrade to USBX release 6.3.0 to resolve the issue. Until the upgrade is applied, consider restricting access to the host class components related to CDC ACM as a temporary measure. There are no known workarounds for this vulnerability, so upgrading to the fixed version is the recommended course of action.

Exploit

Fix

RCE

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2023-48696
GHSA-H733-98HQ-F884

Affected Products

Azure Rtos Usbx