EPSS
Percentile
44.0%
The Azure IoT Device Provisioning AMQP Transport library is vulnerable to spoofing due to improper validation of certificates over the AMQP protocol. The vulnerability affects C# SDK, C SDK and Java SDK.
github.com/Azure/azure-iot-sdk-csharp/commit/21548e8dd129e0e6ea2eaf5387bf8a1195f0f672
github.com/Azure/azure-iot-sdk-csharp/releases/tag/2018-3-13
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8119