Описание
Azure IoT Explorer Information Disclosure Vulnerability
Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes the contents of the user’s local file system, folders or potentially cloud access credentials associated with the system.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?
An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure IoT Explorer |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.
Уязвимость программного обеспечения Azure IoT Explorer, связанная с привязкой к открытым IP-адресам, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
6.5 Medium
CVSS3