A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK.
References
Link | Resource |
---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/104070 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/viewAlert.x?alertId=57754&vs_f=Alert%20RSS&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Microsoft%20Azure%20IoT%20SDK%20AMQP%20Transport%20Library%20Spoofing%20Vulnerability&vs_k=1 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2018-05-09 12:29
Updated : 2018-06-18 09:39
NVD link : CVE-2018-8119
Mitre link : CVE-2018-8119
JSON object : View
CWE
CWE-295
Improper Certificate Validation
Products Affected
microsoft
- csharp_software_development_kit
- java_software_development_kit
- c_software_development_kit