Описание
Microsoft Defender for IoT Remote Code Execution Vulnerability
FAQ
What version of Microsoft Defender for IoT has the update that protects from this vulnerability?
Version 10.5.2 and above.
What is the action required to take the update?
You need to update to the latest Microsoft Defender for IoT software version. See the Update the software version section of Manage the on-premises management console.
What is Microsoft Defender for IoT?
Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See Microsoft Defender for IoT for more information.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to authenticate to the management console appliance and to have an integration token documented here: Defender for IoT sensor and management console APIs.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Defender for IoT |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
8.8 High
CVSS3
Связанные уязвимости
Microsoft Defender for IoT Remote Code Execution Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889.
Уязвимость комплекса средств по обнаружению угроз для сред Интернета вещей Microsoft Defender for IoT, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3