CVE-2020-1697011.11.2020, 07:15Azure Sphere Unsigned Code Execution VulnerabilityEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST8.1 HIGHLOCALHIGHNONECVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HmicrosoftCNA8.1 HIGHCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CCVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 50%VendorProductVersionmicrosoftazure_sphere𝑥< 20.07𝑥= Vulnerable software versionsKnown Exploits!https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1118https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1118Common Weakness EnumerationCWE-415 - Double FreeThe product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.Referenceshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16970https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1118https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16970https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1118