CVE-2020-35608
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses the PACKET_MMAP functionality to trigger this vulnerability.
Se presenta una vulnerabilidad de ejecución de código en la funcionalidad de ejecución de código firmado del mundo normal de Microsoft Azure Sphere versión 20.07. Un socket AF_PACKET especialmente diseñado puede causar a un proceso crear una asignación de memoria ejecutable con contenido controlable. Un atacante puede ejecutar un shellcode que usa la funcionalidad PACKET_MMAP para desencadenar esta vulnerabilidad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-21 CVE Reserved
- 2020-12-22 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-01-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2020-1134 | 2024-08-04 | |
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1134 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Azure Sphere Search vendor "Microsoft" for product "Azure Sphere" | 20.07 Search vendor "Microsoft" for product "Azure Sphere" and version "20.07" | - |
Affected
| ||||||