"CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF"

Carnegie Mellon University's (CMU) CERT Coordination Center (CERT/CC) published an advisory for a critical flaw, discovered by Amazon Element55's Andrue Coombes, in the Microchip Advanced Software Framework (ASF). The framework is a free and open source code library used for the company's microcontrollers. According to the US semiconductor supplier, the product is for evaluation, prototyping, design, and production. CERT/CC says the issue stems from ASF's implementation of the Tinydhcp server. It enables Remote Code Execution (RCE) using specially crafted DHCP requests. This article continues to discuss the Microchip ASF vulnerability that could lead to RCE.

SecurityWeek reports "CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF"

Submitted by grigby1

Submitted by Gregory Rigby on