CVE-2020-35609

{"id": "CVE-2020-35609", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-12-22T20:15:12.427", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1117", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1117", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1117", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1117", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio en la funcionalidad ioctl asincr\u00f3nica de Microsoft Azure Sphere versi\u00f3n 20.05. Una secuencia de llamadas ioctl especialmente dise\u00f1adas puede causar una denegaci\u00f3n de servicio. Un atacante puede escribir shellcode para desencadenar esta vulnerabilidad"}], "lastModified": "2024-11-21T05:27:41.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_sphere:20.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DACF0D08-A215-43D1-847F-2ABECF78BD34"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}