Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2023-23379

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Defender For Iot
Vendor: CVE Published:; 14 February 2023

Summary

An elevation of privilege vulnerability exists in Microsoft Defender for IoT, which could allow an attacker to gain unauthorized access and execute arbitrary code within the context of the application. This flaw poses a significant risk to the integrity and confidentiality of the connected devices managed by the Defender, emphasizing the need for prompt patch management and system monitoring.

Affected Version(s)

Microsoft Defender for IoT Unknown 22.0.0 < 22.3.6

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Jan 11, 2023