CVE-2018-8531 - A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using M

CVE-2018-8531

Summary

A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:azure_internet_of_things_edge:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:azure_internet_of_things_edge:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:csharp_software_development_kit:*:*:*:*:*:azure_internet_of_things:*:*
cpe:2.3:a:microsoft:csharp_software_development_kit:*:*:*:*:*:azure_internet_of_things:*:*

CVSS

Base:	9.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	105472
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8531

Last major update

24-08-2020 - 17:37

Published

10-10-2018 - 13:29

Last modified

24-08-2020 - 17:37