CVE-2023-48695

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 5, 2023

Updated: Dec 8, 2023

CWE ID 787

Summary

CVE-2023-48695 is a remote code execution vulnerability affecting Azure RTOS USBX, a USB host, device, and on-the-go (OTG) embedded stack integrated with Azure RTOS ThreadX. The issue results from out-of-bounds write vulnerabilities in the CDC ECM and RNDIS functions or processes in the host and device classes of RTOS v6.2.1 and below. An attacker can exploit this flaw to execute arbitrary code remotely. Users are urged to upgrade to USBX release 6.3.0 to mitigate the risk, as no workarounds are currently available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Azure RTOS USBX

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tdCwUa
https://www.cve.org/CVERecord?id=CVE-2023-48695
https://nvd.nist.gov/vuln/detail/CVE-2023-48695

Back to Vulnerability Database