{"containers": {"cna": {"affected": [{"product": "C# SDK", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Azure IoT"}]}, {"product": "C SDK", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Azure IoT"}]}, {"product": "Java SDK", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Azure IoT"}]}], "datePublic": "2018-05-08T00:00:00", "descriptions": [{"lang": "en", "value": "A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka \"Azure IoT SDK Spoofing Vulnerability.\" This affects C# SDK, C SDK, Java SDK."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-10T09:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119"}, {"name": "104070", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104070"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8119", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "C# SDK", "version": {"version_data": [{"version_value": "Azure IoT"}]}}, {"product_name": "C SDK", "version": {"version_data": [{"version_value": "Azure IoT"}]}}, {"product_name": "Java SDK", "version": {"version_data": [{"version_value": "Azure IoT"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka \"Azure IoT SDK Spoofing Vulnerability.\" This affects C# SDK, C SDK, Java SDK."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119"}, {"name": "104070", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104070"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:46:13.225Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119"}, {"name": "104070", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104070"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8119", "datePublished": "2018-05-09T19:00:00", "dateReserved": "2018-03-14T00:00:00", "dateUpdated": "2024-08-05T06:46:13.225Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:c_software_development_kit:*:*:*:*:*:azure_internet_of_things:*:*", "matchCriteriaId": "8F54AD62-38A5-4ED3-8570-ED1F622FC605", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:csharp_software_development_kit:*:*:*:*:*:azure_internet_of_things:*:*", "matchCriteriaId": "FA3827EE-ED71-4D04-8D1F-87569E6AF25A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:java_software_development_kit:*:*:*:*:*:azure_internet_of_things:*:*", "matchCriteriaId": "B242CBAC-58D2-4365-8799-EE67FE9F8A7C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka \"Azure IoT SDK Spoofing Vulnerability.\" This affects C# SDK, C SDK, Java SDK."}, {"lang": "es", "value": "Existe una vulnerabilidad de suplantaci\u00f3n cuando la biblioteca Azure IoT Device Provisioning AMQP Transport valida certificados incorrectamente con el protocolo AMQP. Esto tambi\u00e9n se conoce como \"Azure IoT SDK Spoofing Vulnerability\". Esto afecta a C# SDK, C SDK y Java SDK."}], "id": "CVE-2018-8119", "lastModified": "2024-11-21T04:13:18.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-09T19:29:01.230", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104070"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119"}, {"source": "nvd@nist.gov", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=57754&vs_f=Alert%20RSS&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Microsoft%20Azure%20IoT%20SDK%20AMQP%20Transport%20Library%20Spoofing%20Vulnerability&vs_k=1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}