var-201008-1004
Vulnerability from variot

The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system.

- The WDB target agent runs as a task in VxWorks; it is an optional component in the VxWorks configuration that is enabled by default. The WDB target agent debug service provides read/write access to device memory and allows functions to be called. It is recommended to reconfigure VxWorks so that it contains only the components required for operation, and to build the appropriate system image type. It is recommended to remove the WDB target agent and debug components (INCLUDE_WDB and INCLUDE_DEBUG) and other operating system components that are not needed to support the client application.

- The hash algorithm used by the standard authentication API in VxWorks is vulnerable to collisions. An attacker who knows a username can brute-force the password in a relatively short period of time and gain access to services (telnet, rlogin or FTP) that use the standard authentication API (loginDefaultEncrypt(), part of loginLib). Because the hash algorithm is vulnerable to collisions, it is not necessary to find the actual password; any string that produces the same hash will do. For example, when logging in with the default 'target/password', 'y{{{{{SS' hashes to the same result as 'password', so either 'password' or 'y{{{{{SS' can be used as the password to log in.

Vendor affected: TP-Link (http://tp-link.com)

Products affected:
   * All TP-Link VxWorks-based devices (confirmed by vendor)
   * All "2-series" switches (confirmed by vendor)
   * TL-SG2008 semi-managed switch (confirmed by vendor)
   * TL-SG2216 semi-managed switch (confirmed by vendor)
   * TL-SG2424 semi-managed switch (confirmed by vendor)
   * TL-SG2424P semi-managed switch (confirmed by vendor)
   * TL-SG2452 semi-managed switch (confirmed by vendor)

Vulnerabilities:
   * All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least:
     * CVE-2013-0716 (confirmed by vendor)
     * CVE-2013-0715 (confirmed by vendor)
     * CVE-2013-0714 (confirmed by vendor)
     * CVE-2013-0713 (confirmed by vendor)
     * CVE-2013-0712 (confirmed by vendor)
     * CVE-2013-0711 (confirmed by vendor)
     * CVE-2010-2967 (confirmed by vendor)
     * CVE-2010-2966 (confirmed by vendor)
     * CVE-2008-2476 (confirmed by vendor)
   * SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor)
   * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor)

Design flaws:
   * Telnet is available and cannot be disabled (confirmed by vendor)
   * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)

Vendor response: TP-Link are not convinced that these flaws should be repaired.

TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week.

Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products.

(TL-SG2008 first product availability July 2014...)

Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.")

Fix availability: None.

Work-arounds advised: None possible. Remove products from network.

R7-0034: VxWorks WDB Agent Debug Service Exposure
August 2, 2010

-- Rapid7 Customer Protection: Rapid7 NeXpose customers have access to a vulnerability check for this flaw as of the latest update. More information about this check can be found online at:

http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed

-- Vulnerability Details: This vulnerability allows remote attackers to read memory, write memory, execute code, and ultimately take complete control of the affected device. This issue affects over 100 different vendors and a multitude of products, both shipping and end-of-life. A spreadsheet of identified products affected by this flaw can be found at the URL below. This index is not comprehensive and not all devices found are still supported.

http://www.metasploit.com/data/confs/bsideslv2010/VxWorksDevices.xls

This flaw occurs due to an insecure setting in the configuration file of the manufacturer's source code. This setting results in a system-debug service being exposed on UDP port 17185. This service does not require authentication to access. More information about this issue can be found at the Metasploit blog:

http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

-- Vendor Response: Wind River Systems has notified their customers of the issue and indicated that the WDB agent should be disabled for production builds. CERT has notified every vendor with an identified, shipping product containing this vulnerability. Responses for each specific vendor can be found in the CERT advisory:

http://www.kb.cert.org/vuls/id/362332

-- Disclosure Timeline:
2010-06-02 - Vulnerability reported to CERT for vendor notification
2010-08-02 - Coordinated public release of advisory

-- Credit: This vulnerability had been discovered in specific devices in multiple instances, first by Bennett Todd in 2002 and then Shawn Merdinger in 2005. A comprehensive analysis of all affected devices was conducted by HD Moore in 2010.

-- About Rapid7 Security
Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool.

Our vulnerability disclosure policy is available online at:

http://www.rapid7.com/disclosure.jsp


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201008-1004",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "windriver",
        "version": "5.5"
      },
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "windriver",
        "version": "5"
      },
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "windriver",
        "version": "6.4"
      },
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "windriver",
        "version": "6"
      },
      {
        "model": "vxworks",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "windriver",
        "version": "6.8"
      },
      {
        "model": "vxworks",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "wind river",
        "version": "6.9"
      },
      {
        "model": "river systems vxworks through",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "wind",
        "version": "6.56.9"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "no",
        "version": null
      },
      {
        "model": "vxworks",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "windriver",
        "version": "6.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vxworks",
        "version": "5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vxworks",
        "version": "5.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vxworks",
        "version": "6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vxworks",
        "version": "6.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vxworks",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0183e958-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-031"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2967"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2967"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "kvnjs",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "128512"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2010-2967",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-2967",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2010-3889",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "0183e958-2356-11e6-abef-000c29c66e3d",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-2967",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2010-3889",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201008-031",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "0183e958-2356-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "0183e958-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-031"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2967"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. -VxWorks The WDB target agent runs as a task in VxWorks, which is an optional component in the VxWorks configuration that is enabled by default. The WDB Target Agent Debug Service provides read/write access to device memory, allowing calls to functions. It is recommended to reconfigure VxWorks that contain the components required for operations and build the appropriate system image type. It is recommended to remove the WEB target proxy and debug components (INCLUDE_WDB and INCLUDE_DEBUG) and other operating system components that do not need to support the client application. - The HASK algorithm for the standard authentication API under VxWorks is vulnerable to collisions, and attackers with known usernames can access (telnet, rlogin or FTP) services using a standard authentication API (loginDefaultEncrypt(), part of loginLib) in a relative The brute force password is cracked in a short period of time. Since the HASH algorithm is vulnerable to collision, it is not necessary to find the actual password, as long as a string is used to generate the same HASH. For example, when logging in with the default \u0027target/password\u0027, \u0027y{{{{{SS\u0027 will HASH out the same result as \u0027password\u0027. So you can use \u0027password\u0027 and \u0027y{{{{{SS\u0027 as the password to log in. 
Vendor affected: TP-Link (http://tp-link.com)\n\nProducts affected:\n   * All TP-Link VxWorks-based devices (confirmed by vendor)\n   * All \"2-series\" switches (confirmed by vendor)\n   * TL-SG2008 semi-managed switch (confirmed by vendor)\n   * TL-SG2216 semi-managed switch (confirmed by vendor)\n   * TL-SG2424 semi-managed switch (confirmed by vendor)\n   * TL-SG2424P semi-managed switch (confirmed by vendor)\n   * TL-SG2452 semi-managed switch (confirmed by vendor)\n\nVulnerabilities:\n   * All previously-reported VxWorks vulnerabilities from 6.6.0 on;\n     at the very least:\n     * CVE-2013-0716 (confirmed by vendor)\n     * CVE-2013-0715 (confirmed by vendor)\n     * CVE-2013-0714 (confirmed by vendor)\n     * CVE-2013-0713 (confirmed by vendor)\n     * CVE-2013-0712 (confirmed by vendor)\n     * CVE-2013-0711 (confirmed by vendor)\n     * CVE-2010-2967 (confirmed by vendor)\n     * CVE-2010-2966 (confirmed by vendor)\n     * CVE-2008-2476 (confirmed by vendor)\n   * SSLv2 is available and cannot be disabled unless HTTPS is\n     completely disabled (allows downgrade attacks)\n     (confirmed by vendor)\n   * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot\n     be disabled (allows downgrade attacks)\n     (confirmed by vendor)\n\nDesign flaws:\n   * Telnet is available and cannot be disabled (confirmed by vendor)\n   * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)\n\nVendor response:\n   TP-Link are not convinced that these flaws should be repaired. \n\n   TP-Link\u0027s Internet presence -- or at least DNS -- is available only\n   intermittently. Most emails bounced. Lost contact with vendor, but\n   did confirm that development lead is now on holiday and will not\n   return for at least a week. \n\n   Initial vendor reaction was to recommend purchase of \"3-series\"\n   switches. Vendor did not offer reasons why \"3-series\" switches would\n   be more secure, apart from lack of telnet service. 
Vendor confirmed\n   that no development time can be allocated to securing \"2-series\"\n   product and all focus has shifted to newer products. \n\n   (TL-SG2008 first product availability July 2014...)\n\n   Vendor deeply confused about security of DES/3DES, MD5, claimed that\n   all security is relative. (\"...[E]ven SHA-1 can be cracked, they just\n   have different security level.\")\n\nFix availability:\n   None. \n\nWork-arounds advised:\n   None possible. Remove products from network. R7-0034: VxWorks WDB Agent Debug Service Exposure\nAugust 2, 2010\n\n-- Rapid7 Customer Protection:\nRapid7 NeXpose customers have access to a vulnerability check for this\nflaw as of the latest update. More information about this check can be\nfound online at:\n\n http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed\n\n-- Vulnerability Details:\nThis vulnerability allows remote attackers to read memory, write memory,\nexecute code, and ultimately take complete control of the affected\ndevice. This issue affects over 100 different vendors and a multitude of\nproducts, both shipping and end-of-life. A spreadsheet of identified\nproducts affected by this flaw can be found at the URL below. This index\nis not comprehensive and not all devices found are still supported. \n\n http://www.metasploit.com/data/confs/bsideslv2010/VxWorksDevices.xls\n\nThis flaw occurs due to an insecure setting in the configuration file of\nthe manufacturer\u0027s source code. This setting results in a system- debug\nservice being exposed on UDP port 17185. This service does not require\nauthentication to access. More information about this issue can be found\nat the Metasploit blog:\n\n http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\n\n-- Vendor Response:\nWind River Systems has notified their customers of the issue and\nindicated that the WDB agent should be disabled for production builds. 
\nCERT has notified every vendor with an identified, shipping product\ncontaining this vulnerability. Responses for each specific vendor can be\nfound in the CERT advisory:\n\n http://www.kb.cert.org/vuls/id/362332\n\n-- Disclosure Timeline:\n2010-06-02 - Vulnerability reported to CERT for vendor notification\n2010-08-02 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability had been discovered in specific devices in multiple\ninstances, first by Bennett Todd in 2002 and then Shawn Merdinger in\n2005. A comprehensive analysis of all affected devices was conducted by\nHD Moore in 2010. \n\n-- About Rapid7 Security\nRapid7 provides vulnerability management, compliance and penetration\ntesting solutions for Web application, network and database security. In\naddition to developing the NeXpose Vulnerability Management system,\nRapid7 manages the Metasploit Project and is the primary sponsor of the\nW3AF web assessment tool. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.rapid7.com/disclosure.jsp\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2967"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005614"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "0183e958-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
      },
      {
        "db": "PACKETSTORM",
        "id": "128512"
      },
      {
        "db": "PACKETSTORM",
        "id": "92448"
      }
    ],
    "trust": 3.6
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-2967",
        "trust": 3.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#840249",
        "trust": 2.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3889",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-031",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005614",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#362332",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "42114",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "BAB59964-1FB2-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "0183E958-2356-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7D72F2C0-463F-11E9-98F5-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7D753CB1-463F-11E9-876D-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "128512",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92448",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "0183e958-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005614"
      },
      {
        "db": "PACKETSTORM",
        "id": "128512"
      },
      {
        "db": "PACKETSTORM",
        "id": "92448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-031"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2967"
      }
    ]
  },
  "id": "VAR-201008-1004",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "0183e958-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      }
    ],
    "trust": 2.48058823
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.4
      },
      {
        "category": [
          "IoT",
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "0183e958-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      }
    ]
  },
  "last_update_date": "2024-07-23T20:50:25.420000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.windriver.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005614"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005614"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2967"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.kb.cert.org/vuls/id/840249"
      },
      {
        "trust": 2.3,
        "url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
      },
      {
        "trust": 1.6,
        "url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033709"
      },
      {
        "trust": 1.6,
        "url": "http://www.kb.cert.org/vuls/id/mapg-863qh9"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2967"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2967"
      },
      {
        "trust": 0.6,
        "url": "http://www.kb.cert.org/vuls/id/362332http"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2966"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0713"
      },
      {
        "trust": 0.1,
        "url": "http://tp-link.com)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0715"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2967"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2476"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0712"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0711"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0714"
      },
      {
        "trust": 0.1,
        "url": "http://www.rapid7.com/disclosure.jsp"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/362332"
      },
      {
        "trust": 0.1,
        "url": "http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed"
      },
      {
        "trust": 0.1,
        "url": "http://www.metasploit.com/data/confs/bsideslv2010/vxworksdevices.xls"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005614"
      },
      {
        "db": "PACKETSTORM",
        "id": "128512"
      },
      {
        "db": "PACKETSTORM",
        "id": "92448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-031"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2967"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "0183e958-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005614"
      },
      {
        "db": "PACKETSTORM",
        "id": "128512"
      },
      {
        "db": "PACKETSTORM",
        "id": "92448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-031"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2967"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-08-03T00:00:00",
        "db": "IVD",
        "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2010-08-05T00:00:00",
        "db": "IVD",
        "id": "0183e958-2356-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2010-08-03T00:00:00",
        "db": "IVD",
        "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
      },
      {
        "date": "2010-08-05T00:00:00",
        "db": "IVD",
        "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
      },
      {
        "date": "2010-08-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "date": "2010-08-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-005614"
      },
      {
        "date": "2014-10-01T10:11:11",
        "db": "PACKETSTORM",
        "id": "128512"
      },
      {
        "date": "2010-08-03T17:02:02",
        "db": "PACKETSTORM",
        "id": "92448"
      },
      {
        "date": "2010-08-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-031"
      },
      {
        "date": "2010-08-05T13:22:29.857000",
        "db": "NVD",
        "id": "CVE-2010-2967"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-08-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "date": "2010-08-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-1489"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-005614"
      },
      {
        "date": "2010-08-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-031"
      },
      {
        "date": "2010-08-05T13:22:29.857000",
        "db": "NVD",
        "id": "CVE-2010-2967"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-031"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Wind River VxWorks loginDefaultEncrypt Algorithm encryption problem vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "0183e958-2356-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-3889"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-031"
      }
    ],
    "trust": 1.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-031"
      }
    ],
    "trust": 0.6
  }
}


