Skip to main content

Vxworks CVE-2015-7599

HIGH
Integer Overflow or Wraparound (CWE-190)
2017-02-07 cve@mitre.org
8.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 07, 2017 - 17:59 cve.org
HIGH 8.1

DescriptionCVE.org

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password.

AnalysisAI

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. Affected products include: Windriver Vxworks. Version information: through 6.9.4.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2019-12255 CRITICAL POC
9.8 Aug 09

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). Rated critical severity (CVSS 9.8), this v

CVE-2023-38346 HIGH POC
8.8 Sep 22

An issue was discovered in Wind River VxWorks 6.9 and 7. Rated high severity (CVSS 8.8), this vulnerability is remotely

CVE-2013-0714 CRITICAL
10.0 Mar 20

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or ca

CVE-2019-12258 HIGH POC
7.5 Aug 09

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. Rated high severity (CVSS 7.5), this vulne

CVE-2021-29999 CRITICAL
9.8 Apr 13

An issue was discovered in Wind River VxWorks through 6.8. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2021-29998 CRITICAL
9.8 Apr 13

An issue was discovered in Wind River VxWorks before 6.5. Rated critical severity (CVSS 9.8), this vulnerability is remo

CVE-2019-12262 CRITICAL
9.8 Aug 14

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. Rated critical se

CVE-2019-12261 CRITICAL
9.8 Aug 09

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). Rated critical seve

CVE-2019-12260 CRITICAL
9.8 Aug 09

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). Rated critical severity (CVSS

CVE-2019-12256 CRITICAL
9.8 Aug 09

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. Rated critical severity (CVSS 9.8), this vul

CVE-2019-12257 HIGH
8.8 Aug 09

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. Rated high severity (CVSS 8.8), t

CVE-2013-0711 HIGH
7.8 Mar 20

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (d

Share

CVE-2015-7599 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy