Missing Auth in Arduino VS Code Extension Enables RCE
CVE-2024-43488 Published on October 8, 2024
Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2024-43488
Want to know whenever a new CVE is published for Microsoft Visual Studio Code? stack.watch will email you.
Affected Versions
Microsoft Visual Studio Code Version N/A is affected by CVE-2024-43488Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.