A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104070 | Third Party Advisory VDB Entry |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119 | Patch Vendor Advisory |
https://tools.cisco.com/security/center/viewAlert.x?alertId=57754&vs_f=Alert%20RSS&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Microsoft%20Azure%20IoT%20SDK%20AMQP%20Transport%20Library%20Spoofing%20Vulnerability&vs_k=1 | Third Party Advisory |
http://www.securityfocus.com/bid/104070 | Third Party Advisory VDB Entry |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 04:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/104070 - Third Party Advisory, VDB Entry | |
References | () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119 - Patch, Vendor Advisory |
Information
Published : 2018-05-09 19:29
Updated : 2024-11-21 04:13
NVD link : CVE-2018-8119
Mitre link : CVE-2018-8119
CVE.ORG link : CVE-2018-8119
JSON object : View
Products Affected
microsoft
- java_software_development_kit
- csharp_software_development_kit
- c_software_development_kit
CWE
CWE-295
Improper Certificate Validation