Description
Azure IoT SDK Spoofing Vulnerability
A spoofing vulnerability exists in the Azure IoT Device Provisioning for the C SDK library when it uses the HTTP protocol on the Windows platform. An attacker who successfully exploited this vulnerability could impersonate a server used during the provisioning process.
To exploit this vulnerability, an attacker would need to perform a man-in-the-middle (MitM) attack on the network where provisioning was taking place.
This security update addresses the vulnerability by correcting how the HTTP transport library validates certificates.
This vulnerability does NOT impact other Azure IoT SDKs such as Java/Node/C#, does NOT impact the C SDK when running on Linux or embedded OSes, and only applies when using the HTTP transport, NOT MQTT or AMQP.
Exploitability
Publicly Disclosed
Exploited
DOS
EPSS
Related vulnerabilities
A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK.
A vulnerability in the Azure IoT SDK software development kit related to errors in the certificate authentication procedure, allowing an attacker to carry out a man-in-the-middle attack
EPSS