Remote Code Execution Vulnerability in Azure IoT SDK
CVE-2024-38158

7HIGH

Key Information:

Vendor: Microsoft
Status: C Sdk For Azure Iot
Vendor: CVE Published:; 13 August 2024

Summary

A vulnerability has been identified in the Azure IoT SDK which allows for remote code execution. An attacker who successfully exploits this vulnerability could execute arbitrary code on the affected system, posing a considerable risk to resources and data integrity. Organizations utilizing the Azure IoT SDK need to be aware of this issue and implement necessary updates and patches to safeguard their IoT environments.

Affected Version(s)

C SDK for Azure IoT Unknown 0 < 1.12.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jun 11, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed