What is CVE-2023-48695?

CVE-2023-48695 is a high-severity vulnerability in Azure-rtos Usbx, classified under Out-of-bounds Write. CVSS score: 7.2/10. Published 2023-12-05.

How severe is CVE-2023-48695?

High severity. CVSS v3 base score is 7.2 out of 10.

Buffer overflow in Azure-rtos Usbx

CVE-2023-48695

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The aff…

Vulnerability class: Buffer Overflow

EPSS: 0.018 (83.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N.

Affected products

Azure-rtos Usbx — versions < 6.3.0

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

https://github.com/azure-rtos/usbx/security/advisories/GHSA-mwj9-rpph-v8wc (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2023-48695?: CVE-2023-48695 is a high-severity vulnerability in Azure-rtos Usbx, classified under Out-of-bounds Write. CVSS score: 7.2/10. Published 2023-12-05.
How severe is CVE-2023-48695?: High severity. CVSS v3 base score is 7.2 out of 10.