Nexpose Vulnerability Database
VxWorks Remote Debug Service Exposed
Severity |
CVSS |
Published |
Added |
Modified |
|---|---|---|---|---|
| Critical (8) | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Nov 21, 2005 | Jul 7, 2010 | Mar 2, 2011 |
Description:
Certain VxWorks-based products ship with the remote debugging service enabled. This service provides remote access to the processor and memory of the device, which can be abused by an attacker to compromise the device or gather sensitive information.
References:
- BID: http://www.securityfocus.com/bid/15456
- BID: http://www.securityfocus.com/bid/15475
- CVE: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3715
- CVE: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3804
- SECUNIA: http://secunia.com/advisories/17604/
- SECUNIA: http://secunia.com/advisories/17606/
- XF: http://xforce.iss.net/xforce/xfdb/23068
Solution:
- Upgrade the device firmware to a fixed release
Contact your vendor for an updated firmware version.
- Restrict access to UDP port 17185
Apply ACLs, firewall rules or otherwise restrict access to UDP port 17185.
Information on these pages is summary information extracted from the Nexpose Vulnerabilty Assessment system. Full details are provided within the Nexpose product for licensed users.
