Azure RTOS USBX Remote Code Execution Vulnerability
CVE-2023-48695

7.2 HIGH

Key Information:

Vendor: Azure-rtos

Status
Vendor
CVE Published: 5 December 2023

What is CVE-2023-48695?

Azure RTOS USBX, an embedded USB stack integrated with Azure RTOS ThreadX, is susceptible to remote code execution due to out-of-bounds write vulnerabilities. The issue affects the host and device classes within the USBX framework, specifically the CDC ECM and RNDIS functionality. Versions prior to USBX 6.3.0 are at risk. No workarounds are available, so users should upgrade promptly to the latest version.

Affected Version(s)

usbx < 6.3.0

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
