cbcvebase.
CVE-2020-17002
published 2020-12-10

CVE-2020-17002: Azure SDK for C Security Feature Bypass Vulnerability

PriorityP353critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
3.23%
86.7th percentile
Azure SDK for C Security Feature Bypass Vulnerability

Affected

37 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftazure-c-shared-utility< publicationpublication
microsoftazure-c-shared-utility_release_lts_02_2020_ref02< publicationpublication
microsoftazure-c-shared-utility_release_lts_07_2020_ref02< publicationpublication
microsoftazure-uamqp-c>= 1.0.0 < publicationpublication
microsoftazure-uamqp-c_release_lts_02_2020_ref02< publicationpublication
microsoftazure-uamqp-c_release_lts_07_2020_ref02< publicationpublication
microsoftazure-uhttp-c< publicationpublication
microsoftazure-uhttp-c_release_lts_02_2020_ref02< publicationpublication
microsoftazure-uhttp-c_release_lts_07_2020_ref02< publicationpublication
microsoftazure-umqtt-c< publicationpublication
microsoftazure-umqtt-c_release_lts_02_2020_ref02< publicationpublication
microsoftazure-umqtt-c_release_lts_07_2020_ref02< publicationpublication
microsoftazure-utpm-c< publicationpublication
microsoftazure-utpm-c_release_lts_02_2020_ref02< publicationpublication
microsoftazure-utpm-c_release_lts_07_2020_ref02< publicationpublication
microsoftc_sdk_for_azure_iot< publicationpublication
microsoftc_sdk_for_azure_iot< lts_07_2020_ref02lts_07_2020_ref02
microsoftc_sdk_for_azure_iot_release_lts_02_2020_ref02< publicationpublication
microsoftc_sdk_for_azure_iot_release_lts_07_2020_ref02< publicationpublication
msrcazure-c-shared-utility
msrcazure-c-shared-utility_release_lts_02_2020_ref02
msrcazure-c-shared-utility_release_lts_07_2020_ref02
msrcazure-uamqp-c
msrcazure-uamqp-c_release_lts_02_2020_ref02
msrcazure-uamqp-c_release_lts_07_2020_ref02

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv2.09.4CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:N
vendor_msrc7.4HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.