CVE-2023-48693: Azure RTOS ThreadX Remote Code Execution Vulnerability
First published: Tue Dec 05 2023(Updated: )
Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Azure RTOS | <6.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for Azure RTOS ThreadX Remote Code Execution?
The vulnerability ID for Azure RTOS ThreadX Remote Code Execution is CVE-2023-48693.
What is the severity of CVE-2023-48693?
The severity of CVE-2023-48693 is critical.
What is the affected software for CVE-2023-48693?
The affected software for CVE-2023-48693 is Microsoft Azure Rtos Threadx up to version 6.3.0.
How does the Azure RTOS ThreadX Remote Code Execution vulnerability occur?
The vulnerability in Azure RTOS ThreadX occurs due to a vulnerability in the parameter checking mechanism.
How can an attacker exploit CVE-2023-48693?
An attacker can exploit CVE-2023-48693 to cause arbitrary read and write, leading to privilege escalation.
- agent/type
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft azure rtos