Описание
Microsoft Defender for IoT Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
An authenticated attacker with access to the file upload feature could exploit this path traversal vulnerability by uploading malicious files to sensitive locations on the server.
What actions do customers need to take to protect themselves from this vulnerability?
Customers need to update their Defender for IoT software to version 24.1.3 or above. For more information, see OT monitoring software versions.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An attacker would be required to have an administrative account in the Defender for OT web application or to be an authorized user with access to a private key that matches a public key already present on the server to exploit this vulnerability.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Defender for IoT |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8.8 High
CVSS3
Связанные уязвимости
Microsoft Defender for IoT Remote Code Execution Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
Уязвимость комплекса средств по обнаружению угроз для сред Интернета вещей Microsoft Defender for IoT, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3