Spoofing Vulnerability in Azure IoT Device Provisioning C SDK by Microsoft
CVE-2018-8479

5.6MEDIUM

Key Information:

Vendor: Microsoft
Status: C Sdk
Vendor: CVE Published:; 13 September 2018

Summary

A spoofing vulnerability exists in the Azure IoT Device Provisioning C SDK library when utilizing the HTTP protocol on Windows platforms. This vulnerability could allow an attacker to impersonate legitimate devices, potentially leading to unauthorized access to critical IoT resources and data.

Affected Version(s)

C SDK Azure IoT

References

http://www.securityfocus.com/bid/105323

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2018
Vulnerability Reserved
Mar 14, 2018