CVE-2023-48693

EPSS 0.69%
Published 05.12.2023 01:15:08
Last modified 21.11.2024 08:32:16
Source security-advisories@github.com
Teams watchlist Login
Open Login

 Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Azure Rtos Threadx Version < 6.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.69%	0.708

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	8.7	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/azure-rtos/threadx/security/advisories/GHSA-p7w6-62rq-vrf9

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-48693

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-48693

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-48693

EUVD