cvelistv5 - cve-2010-2966

CVE-2010-2966 (GCVE-0-2010-2966)

Vulnerability from cvelistv5 – Published: 2010-08-04 21:00 – Updated: 2024-09-16 22:50

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-PGQ6-MHRF-P3R5

Vulnerability from github – Published: 2022-05-17 05:49 – Updated: 2022-05-17 05:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2966"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-05T13:22:00Z",
    "severity": "HIGH"
  },
  "details": "The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.",
  "id": "GHSA-pgq6-mhrf-p3r5",
  "modified": "2022-05-17T05:49:23Z",
  "published": "2022-05-17T05:49:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2966"
    },
    {
      "type": "WEB",
      "url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/840249"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2010-2966

Vulnerability from fkie_nvd - Published: 2010-08-05 13:22 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Exploit
cve@mitre.org	http://www.kb.cert.org/vuls/id/840249	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/840249	US Government Resource

Impacted products

Vendor	Product	Version
windriver	vxworks	*
windriver	vxworks	5
windriver	vxworks	5.5
windriver	vxworks	6
windriver	vxworks	6.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB179D9-BA84-4DEA-88DF-AC3D0DE76EE1",
              "versionEndIncluding": "6.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69B80D9-E6A6-4761-9EE3-3EF5E55EFA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3680A0-7B0C-4E91-97D7-B3F33EE1569A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "91724364-0D8C-4FC2-9AA6-1ADCEDE86DE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F452ABB-0174-4EC5-A82B-9D1164EBB163",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session."
    },
    {
      "lang": "es",
      "value": "La funcionalidad INCLUDE_SECURITY en Wind River VxWorks v6.x, v5.x, y anteriores usa los par\u00e1metros LOGIN_USER_NAME y LOGIN_USER_PASSWORD (conocido como LOGIN_PASSWORD) para crear credenciales fijas, que sea f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de sesiones (1) telnet, (2) rlogin, o (3) FTP."
    }
  ],
  "id": "CVE-2010-2966",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-08-05T13:22:29.827",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/840249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/840249"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201008-1003

Vulnerability from variot - Updated: 2024-07-23 20:40

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. -VxWorks The WDB target agent runs as a task in VxWorks, which is an optional component in the VxWorks configuration that is enabled by default. The WDB Target Agent Debug Service provides read/write access to device memory, allowing calls to functions. It is recommended to reconfigure VxWorks that contain the components required for operations and build the appropriate system image type. It is recommended to remove the WEB target proxy and debug components (INCLUDE_WDB and INCLUDE_DEBUG) and other operating system components that do not need to support the client application. - The HASK algorithm for the standard authentication API under VxWorks is vulnerable to collisions, and attackers with known usernames can access (telnet, rlogin or FTP) services using a standard authentication API (loginDefaultEncrypt(), part of loginLib) in a relative The brute force password is cracked in a short period of time. Since the HASH algorithm is vulnerable to collision, it is not necessary to find the actual password, as long as a string is used to generate the same HASH. For example, when logging in with the default 'target/password', 'y{{{{{SS' will HASH out the same result as 'password'. So you can use 'password' and 'y{{{{{SS' as the password to log in. Vendor affected: TP-Link (http://tp-link.com)

Products affected: * All TP-Link VxWorks-based devices (confirmed by vendor) * All "2-series" switches (confirmed by vendor) * TL-SG2008 semi-managed switch (confirmed by vendor) * TL-SG2216 semi-managed switch (confirmed by vendor) * TL-SG2424 semi-managed switch (confirmed by vendor) * TL-SG2424P semi-managed switch (confirmed by vendor) * TL-SG2452 semi-managed switch (confirmed by vendor)

Vulnerabilities: * All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least: * CVE-2013-0716 (confirmed by vendor) * CVE-2013-0715 (confirmed by vendor) * CVE-2013-0714 (confirmed by vendor) * CVE-2013-0713 (confirmed by vendor) * CVE-2013-0712 (confirmed by vendor) * CVE-2013-0711 (confirmed by vendor) * CVE-2010-2967 (confirmed by vendor) * CVE-2010-2966 (confirmed by vendor) * CVE-2008-2476 (confirmed by vendor) * SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor) * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor)

Design flaws: * Telnet is available and cannot be disabled (confirmed by vendor) * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)

Vendor response: TP-Link are not convinced that these flaws should be repaired.

TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week.

Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products.

(TL-SG2008 first product availability July 2014...)

Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.")

Fix availability: None.

Work-arounds advised: None possible. Remove products from network. R7-0034: VxWorks WDB Agent Debug Service Exposure August 2, 2010

-- Rapid7 Customer Protection: Rapid7 NeXpose customers have access to a vulnerability check for this flaw as of the latest update. More information about this check can be found online at:

http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed

-- Vulnerability Details: This vulnerability allows remote attackers to read memory, write memory, execute code, and ultimately take complete control of the affected device. This issue affects over 100 different vendors and a multitude of products, both shipping and end-of-life. A spreadsheet of identified products affected by this flaw can be found at the URL below. This index is not comprehensive and not all devices found are still supported.

http://www.metasploit.com/data/confs/bsideslv2010/VxWorksDevices.xls

This flaw occurs due to an insecure setting in the configuration file of the manufacturer's source code. This setting results in a system- debug service being exposed on UDP port 17185. This service does not require authentication to access. More information about this issue can be found at the Metasploit blog:

http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

-- Vendor Response: Wind River Systems has notified their customers of the issue and indicated that the WDB agent should be disabled for production builds. CERT has notified every vendor with an identified, shipping product containing this vulnerability. Responses for each specific vendor can be found in the CERT advisory:

http://www.kb.cert.org/vuls/id/362332

-- Disclosure Timeline: 2010-06-02 - Vulnerability reported to CERT for vendor notification 2010-08-02 - Coordinated public release of advisory

-- Credit: This vulnerability had been discovered in specific devices in multiple instances, first by Bennett Todd in 2002 and then Shawn Merdinger in 2005. A comprehensive analysis of all affected devices was conducted by HD Moore in 2010.

-- About Rapid7 Security Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool.

Our vulnerability disclosure policy is available online at:

http://www.rapid7.com/disclosure.jsp

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201008-1003",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "windriver",
        "version": "5.5"
      },
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "windriver",
        "version": "5"
      },
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "windriver",
        "version": "6.4"
      },
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "windriver",
        "version": "6"
      },
      {
        "model": "vxworks",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "windriver",
        "version": "6.8"
      },
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "wind river",
        "version": "6.x"
      },
      {
        "model": "vxworks",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "wind river",
        "version": "5.x"
      },
      {
        "model": "river systems vxworks through",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "wind",
        "version": "6.56.9"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "no",
        "version": null
      },
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "windriver",
        "version": "6.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vxworks",
        "version": "5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vxworks",
        "version": "5.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vxworks",
        "version": "6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vxworks",
        "version": "6.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vxworks",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2966"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2966"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "kvnjs",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "128512"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2010-2966",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-2966",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2010-3890",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-2966",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2010-3890",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201008-030",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2966"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. -VxWorks The WDB target agent runs as a task in VxWorks, which is an optional component in the VxWorks configuration that is enabled by default. The WDB Target Agent Debug Service provides read/write access to device memory, allowing calls to functions. It is recommended to reconfigure VxWorks that contain the components required for operations and build the appropriate system image type. It is recommended to remove the WEB target proxy and debug components (INCLUDE_WDB and INCLUDE_DEBUG) and other operating system components that do not need to support the client application. - The HASK algorithm for the standard authentication API under VxWorks is vulnerable to collisions, and attackers with known usernames can access (telnet, rlogin or FTP) services using a standard authentication API (loginDefaultEncrypt(), part of loginLib) in a relative The brute force password is cracked in a short period of time. Since the HASH algorithm is vulnerable to collision, it is not necessary to find the actual password, as long as a string is used to generate the same HASH. For example, when logging in with the default \u0027target/password\u0027, \u0027y{{{{{SS\u0027 will HASH out the same result as \u0027password\u0027. So you can use \u0027password\u0027 and \u0027y{{{{{SS\u0027 as the password to log in. Vendor affected: TP-Link (http://tp-link.com)\n\nProducts affected:\n   * All TP-Link VxWorks-based devices (confirmed by vendor)\n   * All \"2-series\" switches (confirmed by vendor)\n   * TL-SG2008 semi-managed switch (confirmed by vendor)\n   * TL-SG2216 semi-managed switch (confirmed by vendor)\n   * TL-SG2424 semi-managed switch (confirmed by vendor)\n   * TL-SG2424P semi-managed switch (confirmed by vendor)\n   * TL-SG2452 semi-managed switch (confirmed by vendor)\n\nVulnerabilities:\n   * All previously-reported VxWorks vulnerabilities from 6.6.0 on;\n     at the very least:\n     * CVE-2013-0716 (confirmed by vendor)\n     * CVE-2013-0715 (confirmed by vendor)\n     * CVE-2013-0714 (confirmed by vendor)\n     * CVE-2013-0713 (confirmed by vendor)\n     * CVE-2013-0712 (confirmed by vendor)\n     * CVE-2013-0711 (confirmed by vendor)\n     * CVE-2010-2967 (confirmed by vendor)\n     * CVE-2010-2966 (confirmed by vendor)\n     * CVE-2008-2476 (confirmed by vendor)\n   * SSLv2 is available and cannot be disabled unless HTTPS is\n     completely disabled (allows downgrade attacks)\n     (confirmed by vendor)\n   * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot\n     be disabled (allows downgrade attacks)\n     (confirmed by vendor)\n\nDesign flaws:\n   * Telnet is available and cannot be disabled (confirmed by vendor)\n   * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)\n\nVendor response:\n   TP-Link are not convinced that these flaws should be repaired. \n\n   TP-Link\u0027s Internet presence -- or at least DNS -- is available only\n   intermittently. Most emails bounced. Lost contact with vendor, but\n   did confirm that development lead is now on holiday and will not\n   return for at least a week. \n\n   Initial vendor reaction was to recommend purchase of \"3-series\"\n   switches. Vendor did not offer reasons why \"3-series\" switches would\n   be more secure, apart from lack of telnet service. Vendor confirmed\n   that no development time can be allocated to securing \"2-series\"\n   product and all focus has shifted to newer products. \n\n   (TL-SG2008 first product availability July 2014...)\n\n   Vendor deeply confused about security of DES/3DES, MD5, claimed that\n   all security is relative. (\"...[E]ven SHA-1 can be cracked, they just\n   have different security level.\")\n\nFix availability:\n   None. \n\nWork-arounds advised:\n   None possible. Remove products from network. R7-0034: VxWorks WDB Agent Debug Service Exposure\nAugust 2, 2010\n\n-- Rapid7 Customer Protection:\nRapid7 NeXpose customers have access to a vulnerability check for this\nflaw as of the latest update. More information about this check can be\nfound online at:\n\n http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed\n\n-- Vulnerability Details:\nThis vulnerability allows remote attackers to read memory, write memory,\nexecute code, and ultimately take complete control of the affected\ndevice. This issue affects over 100 different vendors and a multitude of\nproducts, both shipping and end-of-life. A spreadsheet of identified\nproducts affected by this flaw can be found at the URL below. This index\nis not comprehensive and not all devices found are still supported. \n\n http://www.metasploit.com/data/confs/bsideslv2010/VxWorksDevices.xls\n\nThis flaw occurs due to an insecure setting in the configuration file of\nthe manufacturer\u0027s source code. This setting results in a system- debug\nservice being exposed on UDP port 17185. This service does not require\nauthentication to access. More information about this issue can be found\nat the Metasploit blog:\n\n http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\n\n-- Vendor Response:\nWind River Systems has notified their customers of the issue and\nindicated that the WDB agent should be disabled for production builds. \nCERT has notified every vendor with an identified, shipping product\ncontaining this vulnerability. Responses for each specific vendor can be\nfound in the CERT advisory:\n\n http://www.kb.cert.org/vuls/id/362332\n\n-- Disclosure Timeline:\n2010-06-02 - Vulnerability reported to CERT for vendor notification\n2010-08-02 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability had been discovered in specific devices in multiple\ninstances, first by Bennett Todd in 2002 and then Shawn Merdinger in\n2005. A comprehensive analysis of all affected devices was conducted by\nHD Moore in 2010. \n\n-- About Rapid7 Security\nRapid7 provides vulnerability management, compliance and penetration\ntesting solutions for Web application, network and database security. In\naddition to developing the NeXpose Vulnerability Management system,\nRapid7 manages the Metasploit Project and is the primary sponsor of the\nW3AF web assessment tool. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.rapid7.com/disclosure.jsp\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2966"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005613"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "db": "IVD",
        "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
      },
      {
        "db": "PACKETSTORM",
        "id": "128512"
      },
      {
        "db": "PACKETSTORM",
        "id": "92448"
      }
    ],
    "trust": 3.6
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-2966",
        "trust": 3.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#840249",
        "trust": 3.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3890",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-030",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005613",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#362332",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "42114",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "0169CA3C-2356-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "BAB59964-1FB2-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7D72F2C0-463F-11E9-98F5-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7D7367F0-463F-11E9-837F-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "128512",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92448",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005613"
      },
      {
        "db": "PACKETSTORM",
        "id": "128512"
      },
      {
        "db": "PACKETSTORM",
        "id": "92448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2966"
      }
    ]
  },
  "id": "VAR-201008-1003",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      }
    ],
    "trust": 2.48058823
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.4
      },
      {
        "category": [
          "IoT",
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      }
    ]
  },
  "last_update_date": "2024-07-23T20:40:40.038000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.windriver.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005613"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005613"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2966"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://www.kb.cert.org/vuls/id/840249"
      },
      {
        "trust": 1.7,
        "url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2966"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2966"
      },
      {
        "trust": 0.6,
        "url": "http://www.kb.cert.org/vuls/id/362332http"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2966"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0713"
      },
      {
        "trust": 0.1,
        "url": "http://tp-link.com)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0715"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2967"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2476"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0711"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0714"
      },
      {
        "trust": 0.1,
        "url": "http://www.rapid7.com/disclosure.jsp"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/362332"
      },
      {
        "trust": 0.1,
        "url": "http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed"
      },
      {
        "trust": 0.1,
        "url": "http://www.metasploit.com/data/confs/bsideslv2010/vxworksdevices.xls"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005613"
      },
      {
        "db": "PACKETSTORM",
        "id": "128512"
      },
      {
        "db": "PACKETSTORM",
        "id": "92448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2966"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005613"
      },
      {
        "db": "PACKETSTORM",
        "id": "128512"
      },
      {
        "db": "PACKETSTORM",
        "id": "92448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2966"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-08-05T00:00:00",
        "db": "IVD",
        "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2010-08-03T00:00:00",
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2010-08-03T00:00:00",
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "date": "2010-08-05T00:00:00",
        "db": "IVD",
        "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
      },
      {
        "date": "2010-08-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "date": "2010-08-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-005613"
      },
      {
        "date": "2014-10-01T10:11:11",
        "db": "PACKETSTORM",
        "id": "128512"
      },
      {
        "date": "2010-08-03T17:02:02",
        "db": "PACKETSTORM",
        "id": "92448"
      },
      {
        "date": "2010-08-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-030"
      },
      {
        "date": "2010-08-05T13:22:29.827000",
        "db": "NVD",
        "id": "CVE-2010-2966"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-08-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "date": "2010-08-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-005613"
      },
      {
        "date": "2010-08-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-030"
      },
      {
        "date": "2010-08-05T13:22:29.827000",
        "db": "NVD",
        "id": "CVE-2010-2966"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-030"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Wind River VxWorks INCLUDE_SECURITY Feature Trust Management Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3890"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-030"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trust management",
    "sources": [
      {
        "db": "IVD",
        "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-030"
      }
    ],
    "trust": 1.0
  }
}

GSD-2010-2966

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-2966

Aliases

CVE-2010-2966

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2966",
    "description": "The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.",
    "id": "GSD-2010-2966"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2966"
      ],
      "details": "The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.",
      "id": "GSD-2010-2966",
      "modified": "2023-12-13T01:21:31.440476Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-2966",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#840249",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/840249"
          },
          {
            "name": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html",
            "refsource": "MISC",
            "url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2966"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
            },
            {
              "name": "VU#840249",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/840249"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2010-08-05T13:22Z",
      "publishedDate": "2010-08-05T13:22Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-2966 (GCVE-0-2010-2966)

GHSA-PGQ6-MHRF-P3R5

FKIE_CVE-2010-2966

VAR-201008-1003

GSD-2010-2966

Tags

Sightings

Nomenclature