Multiple Microsoft Azure IoT SDKs CVE-2018-8119 Man in the Middle Spoofing Vulnerability

Bugtraq ID:	104070
Class:	Design Error
CVE:	CVE-2018-8119
Remote:	Yes
Local:	No
Published:	May 08 2018 12:00AM
Updated:	May 08 2018 12:00AM
Credit:	Cristian Pop, Rajeev Vokkarne, John Spaith, and Tim Taylor of Azure IoT
Vulnerable:	Microsoft Java SDK for Azure IoT 0 Microsoft C# SDK for Azure IoT 0 Microsoft C SDK for Azure IoT 0
Not Vulnerable:

Multiple Microsoft Azure IoT SDKs CVE-2018-8119 Man in the Middle Spoofing Vulnerability

Multiple Microsoft Azure IoT SDKs are prone to a security vulnerability that may allow attackers to conduct spoofing attacks.

A man-in-the-middle attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible.

Multiple Microsoft Azure IoT SDKs CVE-2018-8119 Man in the Middle Spoofing Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple Microsoft Azure IoT SDKs CVE-2018-8119 Man in the Middle Spoofing Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Multiple Microsoft Azure IoT SDKs CVE-2018-8119 Man in the Middle Spoofing Vulnerability

References:

• Microsoft Homepage (Microsoft)
  
• CVE-2018-8119 | Azure IoT SDK Spoofing Vulnerability (Microsoft)