PT-2023-7501 · Microsoft · Azure Rtos Netx Duo

Rkolandaivel

Published

2023-11-17

Updated

2023-12-08

CVE-2023-48692

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Azure RTOS NetX Duo versions 6.2.1 and below

Description The issue is related to a memory overflow vulnerability in the Azure RTOS NetX Duo TCP/IP network stack, which can be exploited by an attacker to achieve remote code execution. The affected components include processes related to icmp, tcp, snmp, dhcp, nat, and ftp.

Recommendations For Azure RTOS NetX Duo versions 6.2.1 and below, upgrade to NetX Duo release 6.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components, such as disabling the icmp, tcp, snmp, dhcp, nat, and ftp functions until the upgrade is applied. Note that there are no known workarounds for this vulnerability apart from upgrading to the fixed release.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-825

Related Identifiers

BDU:2023-08546

CVE-2023-48692

GHSA-M2RX-243P-9W64

Affected Products

Azure Rtos Netx Duo

PT-2023-7501 · Microsoft · Azure Rtos Netx Duo

CVE-2023-48692

Weakness Enumeration

Related Identifiers

Affected Products

References · 8