CVE-2023-48691

CVE Database · CVE-2023-48691

CVE-2023-48691

· HIGHModified

CVSS v3.1

8.1

EPSS

3.13%

Published

Dec 4, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787

Affected Products (1)

microsoft · azure_rtos_netx_duo (up to 6.3.0)vulnerable

References (2)

https://github.com/azure-rtos/netxduo/security/advisories/GHSA-fwmg-rj6g-w99p

Third Party Advisory

https://github.com/azure-rtos/netxduo/security/advisories/GHSA-fwmg-rj6g-w99p

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs