CVE-2023-48694
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-48694 is a remote code execution vulnerability affecting Azure RTOS USBX, a USB host, device, and on-the-go (OTG) embedded stack integrated with Azure RTOS ThreadX. The flaw stems from expired pointer dereference and type confusion in Azure RTOS USBX. The susceptible functions and processes are in the host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, and CDC ECM, in RTOS v6.2.1 and below. Attackers can exploit this issue to execute malicious code remotely. No known workarounds exist, and users are urged to upgrade to USBX release 6.3.0 to address the issue.
Affected Products
- Azure RTOS USBX
Affected Vendors
- Microsoft