Vulnerability Description
Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Windriver | Vxworks | <= 6.9.4.1 |
Related Weaknesses (CWE)
References
- http://blogs.windriver.com/wind_river_blog/2015/09/wind-river-vxworks-updateclarVendor Advisory
- http://www.securityfocus.com/bid/79205Third Party AdvisoryVDB Entry
- https://kb.netapp.com/support/s/article/cve-2015-7599-vxworks-vulnerability-impaVendor Advisory
- https://security.netapp.com/advisory/ntap-20151029-0001/
- https://www.syscan360.org/slides/2015_EN_AttackingVxWorksFromstoneagetointerstelTechnical DescriptionThird Party Advisory
- http://blogs.windriver.com/wind_river_blog/2015/09/wind-river-vxworks-updateclarVendor Advisory
- http://www.securityfocus.com/bid/79205Third Party AdvisoryVDB Entry
- https://kb.netapp.com/support/s/article/cve-2015-7599-vxworks-vulnerability-impaVendor Advisory
- https://security.netapp.com/advisory/ntap-20151029-0001/
- https://www.syscan360.org/slides/2015_EN_AttackingVxWorksFromstoneagetointerstelTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2015-7599?
CVE-2015-7599 is a vulnerability with a CVSS score of 8.1 (HIGH). Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a den...
How severe is CVE-2015-7599?
CVE-2015-7599 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7599?
Check the references section above for vendor advisories and patch information. Affected products include: Windriver Vxworks.