CVE-2018-8531

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Hub Device Client Sdk; Azure Iot Edge
Vendor: CVE Published:; 10 October 2018

Summary

A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge.

Affected Version(s)

Azure IoT Edge Azure IoT Edge

Hub Device Client SDK Azure IoT

References

http://www.securityfocus.com/bid/105472

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

EPSS Score

4% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2018
Vulnerability Reserved
Mar 14, 2018

Collectors

NVD DatabaseMitre Database