CVE-2023-48692 CRITICAL

CVE-2023-48692: Azure RTOS NetX Duo Remote Code Execution Vulnerability

Vendor Azure-Rtos
Product netxduo
Weakness CWE-787
Published December 5, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

9.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

December 5, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-28564 Adobe Acrobat Reader out-of-bounds write vulnerability could lead to arbitrary code execution CVE-2022-23985 ICSA-22-055-01 FATEK Automation FvDesigner CVE-2023-34293 Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2024-2971 Out-of-bounds array access due to negative object numbers in indirect references in Xpdf 4.05 CVE-2021-21048 Adobe Photoshop Buffer Overflow Vulnerability Could Lead To Remote Code Execution Vulnerability