CVE-2018-8531
published 2018-10-10CVE-2018-8531: A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT…
PriorityP355high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
15.19%
96.3th percentile
A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_iot_edge | — | — |
| microsoft | hub_device_client_sdk | — | — |
| msrc | azure_iot_edge | — | — |
| msrc | hub_device_client_sdk_for_azure_iot | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x6h5-845f-rv5f: A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azur
ghsa_unreviewed·2022-05-13
CVE-2018-8531 [HIGH] CWE-787 GHSA-x6h5-845f-rv5f: A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azur
A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge.
Microsoft
Azure IoT Device Client SDK Memory Corruption Vulnerability
vendor_msrc·2018-10-09·CVSS 8.8
CVE-2018-8531 [HIGH] Azure IoT Device Client SDK Memory Corruption Vulnerability
Azure IoT Device Client SDK Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker would have no way to force users to view the attacker-controlled content. Instead, an
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-10-10
Published