Description
An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106966
Scores
CVSS v3
9.8
EPSS
0.0313
EPSS Percentile
86.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-330
Status
published
Products (1)
microsoft/java_software_development_kit
Published
Mar 05, 2019
Tracked Since
Feb 18, 2026