CVE-2018-8531 Information

Description

A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory aka \Azure IoT Device Client SDK Memory Corruption Vulnerability.\ This affects Hub Device Client SDK Azure IoT Edge.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/105472 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8531

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8