CVE-2010-2966Vxworks vulnerability

CWE-2554 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 38.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Windriver Vxworks
Timeline
PublishedAug 5
Latest updateMay 17

Description

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-pgq6-mhrf-p3r5: The INCLUDE_SECURITY functionality in Wind River VxWorks 62022-05-17
CVEList
CVE-2010-2966: The INCLUDE_SECURITY functionality in Wind River VxWorks 62010-08-04

💥Exploits & PoCs

1
Exploit-DB
Kaspersky 2010 - Remote Memory Corruption / Denial of Service (PoC)2009-08-28
CVE-2010-2966 — Windriver Vxworks vulnerability | cvebase