CVE-2018-8119

Опубликовано: 09 мая 2018

Источник: nvd

CVSS3: 5.6

CVSS2: 6.8

EPSS Низкий

Описание

A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK.

Ссылки

http://www.securityfocus.com/bid/104070
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119
Patch
Vendor Advisory
https://tools.cisco.com/security/center/viewAlert.x?alertId=57754&vs_f=Alert%20RSS&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Microsoft%20Azure%20IoT%20SDK%20AMQP%20Transport%20Library%20Spoofing%20Vulnerability&vs_k=1
Third Party Advisory
http://www.securityfocus.com/bid/104070
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:c_software_development_kit:*:*:*:*:*:azure_internet_of_things:*:*

Конфигурация 2

cpe:2.3:a:microsoft:csharp_software_development_kit:*:*:*:*:*:azure_internet_of_things:*:*

Конфигурация 3

cpe:2.3:a:microsoft:java_software_development_kit:*:*:*:*:*:azure_internet_of_things:*:*

EPSS

Процентиль: 59%

0.00383

Низкий

5.6 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

CVE-2018-8119

msrc

больше 7 лет назад

Azure IoT SDK Spoofing Vulnerability

GHSA-vwrp-7x3m-9644