CVE-2023-48316
Azure RTOS NetX Duo Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Azure RTOS NetX Duo es una pila de red TCP/IP diseñada específicamente para aplicaciones de IoT y en tiempo real profundamente integradas. Un atacante puede provocar la ejecución remota de código debido a vulnerabilidades de desbordamiento de memoria en Azure RTOS NETX Duo. Los componentes afectados incluyen procesos/funciones relacionados con snmp, smtp, ftp y dtls en RTOS v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versión 6.3.0 de NetX Duo. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-14 CVE Reserved
- 2023-12-05 CVE Published
- 2024-08-02 CVE Updated
- 2025-01-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
- CWE-825: Expired Pointer Dereference
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/azure-rtos/netxduo/security/advisories/GHSA-3cmf-r288-xhwq | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Azure Rtos Netx Duo Search vendor "Microsoft" for product "Azure Rtos Netx Duo" | < 6.3.0 Search vendor "Microsoft" for product "Azure Rtos Netx Duo" and version " < 6.3.0" | - |
Affected
|