CVE-2023-48696: Azure RTOS USBX Remote Code Execution Vulnerability
First published: Tue Dec 05 2023(Updated: )
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Azure Rtos Usbx | <6.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-48696?
CVE-2023-48696 is a vulnerability in Azure RTOS USBX that allows remote code execution due to expired pointer dereference vulnerabilities.
What is the severity of CVE-2023-48696?
CVE-2023-48696 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2023-48696?
Versions up to and excluding 6.3.0 of Microsoft Azure RTOS USBX are affected by CVE-2023-48696.
How can an attacker exploit CVE-2023-48696?
An attacker can exploit CVE-2023-48696 by causing remote code execution through the expired pointer dereference vulnerabilities in Azure RTOS USBX.
Is there a fix available for CVE-2023-48696?
Yes, a fix for CVE-2023-48696 is available. It is recommended to update to a version beyond 6.3.0 of Microsoft Azure RTOS USBX.
- collector/nvd-api
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft azure rtos usbx