CVE-2023-48316

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq	Third Party Advisory
https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:microsoft:azure_rtos_netx_duo:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:31

Type	Values Removed	Values Added
References	~~() https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq - Third Party Advisory~~	() https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq - Third Party Advisory

08 Dec 2023, 19:11

Type	Values Removed	Values Added
References	~~() https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq -~~	() https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq - Third Party Advisory
First Time		Microsoft azure Rtos Netx Duo Microsoft
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:o:microsoft:azure_rtos_netx_duo::::::::
CWE		CWE-787

05 Dec 2023, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-05 01:15

Updated : 2024-11-21 08:31

NVD link : CVE-2023-48316

Mitre link : CVE-2023-48316

CVE.ORG link : CVE-2023-48316

JSON object : View

Products Affected

microsoft

azure_rtos_netx_duo

CWE

CWE-787

Out-of-bounds Write

CWE-825

Expired Pointer Dereference

{"id": "CVE-2023-48316", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-12-05T01:15:07.503", "references": [{"url": "https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-787"}, {"lang": "en", "value": "CWE-825"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Azure RTOS NetX Duo es una pila de red TCP/IP dise\u00f1ada espec\u00edficamente para aplicaciones de IoT y en tiempo real profundamente integradas. Un atacante puede provocar la ejecuci\u00f3n remota de c\u00f3digo debido a vulnerabilidades de desbordamiento de memoria en Azure RTOS NETX Duo. Los componentes afectados incluyen procesos/funciones relacionados con snmp, smtp, ftp y dtls en RTOS v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versi\u00f3n 6.3.0 de NetX Duo. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2024-11-21T08:31:28.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:azure_rtos_netx_duo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "401B08CC-CEC4-458C-B00D-5083B8DDC38A", "versionEndExcluding": "6.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}