CVE-2010-2967Vxworks vulnerability

CWE-3103 documents3 sources
Severity
7.8HIGHNVD
EPSS
1.6%
top 18.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Windriver Vxworks
Timeline
PublishedAug 5
Latest updateMay 17

Description

The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-6f67-xh36-3q73: The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 62022-05-17
CVEList
CVE-2010-2967: The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 62010-08-04
CVE-2010-2967 — Windriver Vxworks vulnerability | cvebase