Skip to main content

Azure-connected IoT devices at risk of RCE due to critical vulnerability

posted onMarch 1, 2024
by l33tdawg
SC Magazine
Credit: SC Magazine

Internet-of-things (IoT) devices that use Microsoft’s uAMQP C library for communication with Azure Cloud Services may be vulnerable to remote code execution (RCE) due to a critical vulnerability disclosed on Tuesday.

The Advanced Message Queuing Protocol (AMQP) is used by Azure Cloud Services, including Azure Service Bus, Azure Event Hubs and Azure IoT Hubs, for communication between various devices and applications across the cloud environment. At risk is the C library for “uAMQP,” which is a lightweight implementation of the AMPQ protocol designed for devices with limited memory or processing power, such as portable IoT devices.

Microsoft provides the open-source uAMQP libraries to developers who write code in C and Python programing languages. On Feb. 27, a security notice was posted to the Azure uAMQP for C (azure-uamqp-c) GitHub repository, warning that a vulnerability in the library could cause conditions ripe for RCE due to a “double free” memory error.

Source

Tags

Security Industry News

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th