Search
Find a vulnerability
Search criteria
8 vulnerabilities by Wind River Systems
CVE-2025-26500 (GCVE-0-2025-26500)
Vulnerability from nvd – Published: 2025-03-21 22:20 – Updated: 2025-03-24 13:19
VLAI
Title
VxWorks 7 USB Failure
Summary
: Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.
Specifically crafted USB packets may lead to the system becoming unavailable
This issue affects VxWorks 7: from 22.06 through 24.03.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wind River Systems | VxWorks 7 |
Affected:
22.06 , ≤ 24.03
(date)
|
Date Public
2025-03-17 23:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T13:19:25.092364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T13:19:36.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"VxWorks"
],
"product": "VxWorks 7",
"vendor": "Wind River Systems",
"versions": [
{
"lessThanOrEqual": "24.03",
"status": "affected",
"version": "22.06",
"versionType": "date"
}
]
}
],
"datePublic": "2025-03-17T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.\u0026nbsp;\u0026nbsp;\n\nSpecifically crafted USB packets may lead to the system becoming unavailable\n\n\u003cp\u003eThis issue affects VxWorks 7: from 22.06 through 24.03.\u003c/p\u003e"
}
],
"value": ": Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.\u00a0\u00a0\n\nSpecifically crafted USB packets may lead to the system becoming unavailable\n\nThis issue affects VxWorks 7: from 22.06 through 24.03."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "None that are known.\u0026nbsp;"
}
],
"value": "None that are known."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T22:20:36.101Z",
"orgId": "0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8",
"shortName": "WindRiver"
},
"references": [
{
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2025-26500"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support2.windriver.com/index.php?page=cve\u0026amp;on=view\u0026amp;id=CVE-2025-26500\"\u003ehttps://support2.windriver.com/index.php?page=cve\u0026amp;on=view\u0026amp;id=CVE-2025-26500\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2025-26500"
}
],
"source": {
"advisory": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE",
"defect": [
"Internal Testing"
],
"discovery": "INTERNAL"
},
"title": "VxWorks 7 USB Failure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8",
"assignerShortName": "WindRiver",
"cveId": "CVE-2025-26500",
"datePublished": "2025-03-21T22:20:36.101Z",
"dateReserved": "2025-02-11T20:11:10.092Z",
"dateUpdated": "2025-03-24T13:19:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26500 (GCVE-0-2025-26500)
Vulnerability from cvelistv5 – Published: 2025-03-21 22:20 – Updated: 2025-03-24 13:19
VLAI
Title
VxWorks 7 USB Failure
Summary
: Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.
Specifically crafted USB packets may lead to the system becoming unavailable
This issue affects VxWorks 7: from 22.06 through 24.03.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wind River Systems | VxWorks 7 |
Affected:
22.06 , ≤ 24.03
(date)
|
Date Public
2025-03-17 23:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T13:19:25.092364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T13:19:36.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"VxWorks"
],
"product": "VxWorks 7",
"vendor": "Wind River Systems",
"versions": [
{
"lessThanOrEqual": "24.03",
"status": "affected",
"version": "22.06",
"versionType": "date"
}
]
}
],
"datePublic": "2025-03-17T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.\u0026nbsp;\u0026nbsp;\n\nSpecifically crafted USB packets may lead to the system becoming unavailable\n\n\u003cp\u003eThis issue affects VxWorks 7: from 22.06 through 24.03.\u003c/p\u003e"
}
],
"value": ": Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.\u00a0\u00a0\n\nSpecifically crafted USB packets may lead to the system becoming unavailable\n\nThis issue affects VxWorks 7: from 22.06 through 24.03."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "None that are known.\u0026nbsp;"
}
],
"value": "None that are known."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T22:20:36.101Z",
"orgId": "0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8",
"shortName": "WindRiver"
},
"references": [
{
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2025-26500"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support2.windriver.com/index.php?page=cve\u0026amp;on=view\u0026amp;id=CVE-2025-26500\"\u003ehttps://support2.windriver.com/index.php?page=cve\u0026amp;on=view\u0026amp;id=CVE-2025-26500\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2025-26500"
}
],
"source": {
"advisory": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE",
"defect": [
"Internal Testing"
],
"discovery": "INTERNAL"
},
"title": "VxWorks 7 USB Failure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8",
"assignerShortName": "WindRiver",
"cveId": "CVE-2025-26500",
"datePublished": "2025-03-21T22:20:36.101Z",
"dateReserved": "2025-02-11T20:11:10.092Z",
"dateUpdated": "2025-03-24T13:19:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2013-000023
Vulnerability from jvndb - Published: 2013-03-18 14:43 - Updated:2013-06-25 18:15Summary
VxWorks Web Server vulnerable to denial-of-service (DoS)
Details
The VxWorks Web Server contains a denial-of-service vulnerability.
The VxWorks Web Server contains a denial-of-service (DoS) vulnerability.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000023.html",
"dc:date": "2013-06-25T18:15+09:00",
"dcterms:issued": "2013-03-18T14:43+09:00",
"dcterms:modified": "2013-06-25T18:15+09:00",
"description": "The VxWorks Web Server contains a denial-of-service vulnerability.\r\n\r\nThe VxWorks Web Server contains a denial-of-service (DoS) vulnerability.\r\n\r\nHisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000023.html",
"sec:cpe": {
"#text": "cpe:/o:windriver:vxworks",
"@product": "VxWorks",
"@vendor": "Wind River Systems",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000023",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN41022517/index.html",
"@id": "JVN#41022517",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0716",
"@id": "CVE-2013-0716",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0716",
"@id": "CVE-2013-0716",
"@source": "NVD"
},
{
"#text": "http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01",
"@id": "ICSA-13-091-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "VxWorks Web Server vulnerable to denial-of-service (DoS)"
}
JVNDB-2013-000022
Vulnerability from jvndb - Published: 2013-03-18 14:40 - Updated:2013-06-25 18:10Summary
VxWorks WebCLI vulnerable to denial-of-service (DoS)
Details
The VxWorks WebCLI contains a denial-of-service (DoS) vulnerability.
The VxWorks WebCLI contains a denial-of-service (DoS) vulnerability due to an issue in parsing command strings.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000022.html",
"dc:date": "2013-06-25T18:10+09:00",
"dcterms:issued": "2013-03-18T14:40+09:00",
"dcterms:modified": "2013-06-25T18:10+09:00",
"description": "The VxWorks WebCLI contains a denial-of-service (DoS) vulnerability.\r\n\r\nThe VxWorks WebCLI contains a denial-of-service (DoS) vulnerability due to an issue in parsing command strings.\r\n\r\nHisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000022.html",
"sec:cpe": {
"#text": "cpe:/o:windriver:vxworks",
"@product": "VxWorks",
"@vendor": "Wind River Systems",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000022",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN65923092/index.html",
"@id": "JVN#65923092",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0715",
"@id": "CVE-2013-0715",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0715",
"@id": "CVE-2013-0715",
"@source": "NVD"
},
{
"#text": "http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01",
"@id": "ICSA-13-091-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "VxWorks WebCLI vulnerable to denial-of-service (DoS)"
}
JVNDB-2013-000021
Vulnerability from jvndb - Published: 2013-03-18 14:38 - Updated:2013-06-25 18:06Summary
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Details
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing authentication requests.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000021.html",
"dc:date": "2013-06-25T18:06+09:00",
"dcterms:issued": "2013-03-18T14:38+09:00",
"dcterms:modified": "2013-06-25T18:06+09:00",
"description": "The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.\r\n\r\nThe SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing authentication requests.\r\n\r\nHisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000021.html",
"sec:cpe": {
"#text": "cpe:/o:windriver:vxworks",
"@product": "VxWorks",
"@vendor": "Wind River Systems",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000021",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN20671901/index.html",
"@id": "JVN#20671901",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0714",
"@id": "CVE-2013-0714",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0714",
"@id": "CVE-2013-0714",
"@source": "NVD"
},
{
"#text": "http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01",
"@id": "ICSA-13-091-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability"
}
JVNDB-2013-000018
Vulnerability from jvndb - Published: 2013-03-18 14:33 - Updated:2013-06-25 17:54Summary
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Details
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in processing authentication requests.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000018.html",
"dc:date": "2013-06-25T17:54+09:00",
"dcterms:issued": "2013-03-18T14:33+09:00",
"dcterms:modified": "2013-06-25T17:54+09:00",
"description": "The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.\r\n\r\nThe SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in processing authentication requests.\r\n\r\nHisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000018.html",
"sec:cpe": {
"#text": "cpe:/o:windriver:vxworks",
"@product": "VxWorks",
"@vendor": "Wind River Systems",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000018",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN45545972/index.html",
"@id": "JVN#45545972",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0711",
"@id": "CVE-2013-0711",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0711",
"@id": "CVE-2013-0711",
"@source": "NVD"
},
{
"#text": "http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01",
"@id": "ICSA-13-091-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability"
}
JVNDB-2013-000019
Vulnerability from jvndb - Published: 2013-03-18 14:32 - Updated:2013-06-25 17:57Summary
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Details
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing directly after the SSH connection is established.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000019.html",
"dc:date": "2013-06-25T17:57+09:00",
"dcterms:issued": "2013-03-18T14:32+09:00",
"dcterms:modified": "2013-06-25T17:57+09:00",
"description": "The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.\r\n\r\nThe SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing directly after the SSH connection is established.\r\n\r\nHisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000019.html",
"sec:cpe": {
"#text": "cpe:/o:windriver:vxworks",
"@product": "VxWorks",
"@vendor": "Wind River Systems",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000019",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN01611135/index.html",
"@id": "JVN#01611135",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0712",
"@id": "CVE-2013-0712",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0712",
"@id": "CVE-2013-0712",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability"
}
JVNDB-2013-000020
Vulnerability from jvndb - Published: 2013-03-18 14:30 - Updated:2013-06-25 18:01Summary
VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability
Details
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.
The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests.
Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000020.html",
"dc:date": "2013-06-25T18:01+09:00",
"dcterms:issued": "2013-03-18T14:30+09:00",
"dcterms:modified": "2013-06-25T18:01+09:00",
"description": "The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability.\r\n\r\nThe SSH server (IPSSH) implementation in VxWorks contains a denial-of-service vulnerability due to an issue in processing pty requests.\r\n\r\nHisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000020.html",
"sec:cpe": {
"#text": "cpe:/o:windriver:vxworks",
"@product": "VxWorks",
"@vendor": "Wind River Systems",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000020",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN52492830/index.html",
"@id": "JVN#52492830",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0713",
"@id": "CVE-2013-0713",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0713",
"@id": "CVE-2013-0713",
"@source": "NVD"
},
{
"#text": "http://ics-cert.us-cert.gov/advisories/ICSA-13-091-01",
"@id": "ICSA-13-091-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability"
}