Search

Find a vulnerability

Search criteria

    99 vulnerabilities by ericsson

    CVE-2025-59174 (GCVE-0-2025-59174)

    Vulnerability from nvd – Published: 2026-06-05 13:44 – Updated: 2026-06-05 20:09
    VLAI
    Summary
    Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-228 - Improper Handling of Syntactically Invalid Structure
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Packet Core Controller Affected: 0 , < 1.39 (custom)
    Create a notification for this product.
    Date Public
    2026-06-02 11:12
    Credits
    The UK Telecoms Lab (UKTL) The UK’s National Cyber Security Centre (NCSC)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T20:09:12.098289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T20:09:18.706Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Packet Core Controller",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.39",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The UK Telecoms Lab (UKTL)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "The UK\u2019s National Cyber Security Centre (NCSC)"
            }
          ],
          "datePublic": "2026-06-02T11:12:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation."
                }
              ],
              "value": "Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-228",
                  "description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T13:44:39.149Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://ericsson.com/en/about-us/security/psirt/CVE-2025-59174"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-59174",
        "datePublished": "2026-06-05T13:44:39.149Z",
        "dateReserved": "2025-09-10T13:24:49.360Z",
        "dateUpdated": "2026-06-05T20:09:18.706Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25659 (GCVE-0-2026-25659)

    Vulnerability from nvd – Published: 2026-06-05 11:08 – Updated: 2026-06-05 20:11
    VLAI
    Title
    Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability
    Summary
    Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-230 - Improper handling of missing values
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Packet Core Gateway (PCG) Affected: 0 , < 1.30 (1.30)
    Create a notification for this product.
    Credits
    Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25659",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T20:11:16.225932Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T20:11:23.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Packet Core Gateway (PCG)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "1.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eEricsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u0026nbsp;\u003cspan\u003eThe impact continues as long the attack persists but the system recovers from the crashes when the attack stops.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Ericsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u00a0The impact continues as long the attack persists but the system recovers from the crashes when the attack stops."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-230",
                  "description": "CWE-230 Improper handling of missing values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T11:08:39.929Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25659"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2026-25659",
        "datePublished": "2026-06-05T11:08:39.929Z",
        "dateReserved": "2026-02-04T12:41:54.869Z",
        "dateUpdated": "2026-06-05T20:11:23.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25658 (GCVE-0-2026-25658)

    Vulnerability from nvd – Published: 2026-06-05 11:06 – Updated: 2026-06-05 20:11
    VLAI
    Title
    Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability
    Summary
    Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-230 - Improper handling of missing values
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Packet Core Gateway (PCG) Affected: 0 , < 1.30 (1.30)
    Create a notification for this product.
    Credits
    Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T20:11:36.044286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T20:11:42.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Packet Core Gateway (PCG)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "1.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eEricsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u0026nbsp;\u003cspan\u003eThe impact continues as long the attack persists but the system recovers from the crashes when the attack stops.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Ericsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u00a0The impact continues as long the attack persists but the system recovers from the crashes when the attack stops."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-230",
                  "description": "CWE-230 Improper handling of missing values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T11:06:27.504Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25658"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2026-25658",
        "datePublished": "2026-06-05T11:06:27.504Z",
        "dateReserved": "2026-02-04T12:41:54.869Z",
        "dateUpdated": "2026-06-05T20:11:42.365Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25657 (GCVE-0-2026-25657)

    Vulnerability from nvd – Published: 2026-06-05 11:03 – Updated: 2026-06-05 20:11
    VLAI
    Title
    Ericsson Packet Core Gateway (PCG) - Improper Handling of Syntactically Invalid Structure Vulnerability
    Summary
    Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Packet Core Gateway (PCG) Affected: 0 , < 1.30 (1.30)
    Create a notification for this product.
    Credits
    Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25657",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T20:11:51.419993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T20:11:57.051Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Packet Core Gateway (PCG)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "1.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eEricsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.\u003c/p\u003e"
                }
              ],
              "value": "Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-228",
                  "description": "CWE-228",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T11:03:02.273Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25657"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Packet Core Gateway (PCG) - Improper Handling of Syntactically Invalid Structure Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2026-25657",
        "datePublished": "2026-06-05T11:03:02.273Z",
        "dateReserved": "2026-02-04T12:41:54.869Z",
        "dateUpdated": "2026-06-05T20:11:57.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25660 (GCVE-0-2026-25660)

    Vulnerability from nvd – Published: 2026-04-24 13:10 – Updated: 2026-04-24 13:51 X_Open Source
    VLAI
    Title
    Authentication bypass for certain API calls
    Summary
    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls.  This bypass allows assigning arbitrary permission to any user existing in CodeChecker. This issue affects CodeChecker: through 6.27.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication bypass by spoofing
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ericsson CodeChecker Affected: 0 , ≤ 6.27.3 (python)
    Create a notification for this product.
    Credits
    Scott Tolley
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-24T13:50:59.651031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-24T13:51:11.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CodeChecker",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.27.4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.27.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Scott Tolley"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eCodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \u003c/span\u003e\u003cbr\u003e\u003cp\u003eAuthentication bypass occurs when the URL ends with Authentication with certain function calls.\u0026nbsp; This bypass allows assigning arbitrary permission to any user existing in CodeChecker.\u003c/p\u003e\u003cp\u003eThis issue affects CodeChecker: through 6.27.3.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication bypass occurs when the URL ends with Authentication with certain function calls.\u00a0 This bypass allows assigning arbitrary permission to any user existing in CodeChecker.\n\nThis issue affects CodeChecker: through 6.27.3."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication bypass by spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-24T13:10:26.171Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Authentication bypass for certain API calls",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2026-25660",
        "datePublished": "2026-04-24T13:10:26.171Z",
        "dateReserved": "2026-02-04T12:41:54.869Z",
        "dateUpdated": "2026-04-24T13:51:11.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-53828 (GCVE-0-2024-53828)

    Vulnerability from nvd – Published: 2026-04-01 09:49 – Updated: 2026-04-01 12:39
    VLAI
    Title
    Ericsson Packet Core Controller (PCC) - Improper Handling of Syntactically Invalid Structure Vulnerability
    Summary
    Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Packet Core Controller (PCC) Affected: 0 , < 1.38 (1.38)
    Create a notification for this product.
    Credits
    The UK’s National Cyber Security Centre (NCSC) The UK Telecoms Lab (UKTL)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-53828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T12:39:12.844626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T12:39:41.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Packet Core Controller (PCC)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.38",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.38",
                  "status": "affected",
                  "version": "0",
                  "versionType": "1.38"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The UK\u2019s National Cyber Security Centre (NCSC)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "The UK Telecoms Lab (UKTL)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Packet Core Controller (PCC) versions prior\nto 1.38 contain a vulnerability where an attacker sending a large volume of\nspecially crafted messages may cause service degradation."
                }
              ],
              "value": "Ericsson Packet Core Controller (PCC) versions prior\nto 1.38 contain a vulnerability where an attacker sending a large volume of\nspecially crafted messages may cause service degradation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-228",
                  "description": "CWE-228",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T09:49:18.214Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2024-53828"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Packet Core Controller (PCC) - Improper Handling of Syntactically Invalid Structure Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2024-53828",
        "datePublished": "2026-04-01T09:49:18.214Z",
        "dateReserved": "2024-11-22T14:21:37.002Z",
        "dateUpdated": "2026-04-01T12:39:41.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40842 (GCVE-0-2025-40842)

    Vulnerability from nvd – Published: 2026-03-25 13:10 – Updated: 2026-03-25 13:44
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:44:02.789000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:44:10.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u0026nbsp;contains a\nCross-Site Scripting (XSS) vulnerability which, if exploited, can lead to\nunauthorized disclosure and modification of certain information.\u0026nbsp;"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u00a0contains a\nCross-Site Scripting (XSS) vulnerability which, if exploited, can lead to\nunauthorized disclosure and modification of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:15:53.253Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40842"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40842",
        "datePublished": "2026-03-25T13:10:44.010Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2026-03-25T13:44:10.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40841 (GCVE-0-2025-40841)

    Vulnerability from nvd – Published: 2026-03-25 13:07 – Updated: 2026-03-25 13:44
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:44:36.014812Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:44:45.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u0026nbsp;contains a\nCross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead\nto unauthorized modification of certain information.\u0026nbsp;"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u00a0contains a\nCross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead\nto unauthorized modification of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site request forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:17:23.852Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Cross-Site Request Forgery  Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40841",
        "datePublished": "2026-03-25T13:07:53.229Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2026-03-25T13:44:45.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27260 (GCVE-0-2025-27260)

    Vulnerability from nvd – Published: 2026-03-25 12:54 – Updated: 2026-03-25 13:50
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:50:26.371520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:50:33.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u0026nbsp;vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"
                }
              ],
              "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u00a0vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-790",
                  "description": "CWE-790",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:18:23.060Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27260",
        "datePublished": "2026-03-25T12:54:46.406Z",
        "dateReserved": "2025-02-21T08:58:20.367Z",
        "dateUpdated": "2026-03-25T13:50:33.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40843 (GCVE-0-2025-40843)

    Vulnerability from nvd – Published: 2025-10-28 18:49 – Updated: 2025-10-28 19:30 X_Open Source
    VLAI
    Title
    Buffer overflow in CodeChecker log command
    Summary
    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects CodeChecker: through 6.26.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack based buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ericsson CodeChecker Affected: 0 , ≤ 6.26.1 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40843",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T19:30:15.826239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T19:30:25.737Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "CodeChecker",
              "vendor": "Ericsson",
              "versions": [
                {
                  "lessThanOrEqual": "6.26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \u003c/span\u003e\u003cbr\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eCodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal \u003ccode\u003eldlogger\u003c/code\u003e\u0026nbsp;library, which is executed by the \u003ccode\u003eCodeChecker log\u003c/code\u003e\u0026nbsp;command.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects CodeChecker: through 6.26.1.\u003c/p\u003e"
                }
              ],
              "value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \n\n\n\n\nCodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger\u00a0library, which is executed by the CodeChecker log\u00a0command.\n\n\n\n\n\nThis issue affects CodeChecker: through 6.26.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-28T18:49:49.516Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-5xf2-f6ch-6p8r"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Buffer overflow in CodeChecker log command",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40843",
        "datePublished": "2025-10-28T18:49:49.516Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2025-10-28T19:30:25.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27259 (GCVE-0-2025-27259)

    Vulnerability from nvd – Published: 2025-10-13 06:16 – Updated: 2025-10-14 16:06
    VLAI
    Title
    Ericsson Network Manager: improper neutralization of user controlled input
    Summary
    Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Ericsson Network Manager(ENM) Affected: 0 , < all versions prior to 25.2 (custom)
    Create a notification for this product.
    Date Public
    2025-10-10 07:31
    Credits
    Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T16:01:04.095742Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T16:06:38.469Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ericsson Network Manager(ENM)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "Version 25.2 or later",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "all versions prior to 25.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli"
            }
          ],
          "datePublic": "2025-10-10T07:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains. \u0026nbsp;\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T06:16:37.104Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-enm-october-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Network Manager: improper neutralization of user controlled input",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27259",
        "datePublished": "2025-10-13T06:16:37.104Z",
        "dateReserved": "2025-02-21T08:58:20.367Z",
        "dateUpdated": "2025-10-14T16:06:38.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27258 (GCVE-0-2025-27258)

    Vulnerability from nvd – Published: 2025-10-13 06:25 – Updated: 2025-10-14 15:29
    VLAI
    Title
    Ericsson Network Manager: escalation of privilege vulnerability
    Summary
    Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Ericsson Network Manager(ENM) Affected: 0 , < 25.1 (custom)
    Create a notification for this product.
    Date Public
    2025-10-10 07:31
    Credits
    Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T15:29:36.817155Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T15:29:59.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ericsson Network Manager(ENM)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "Version 25.1 or later",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli"
            }
          ],
          "datePublic": "2025-10-10T07:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T06:25:32.326Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-enm-october-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Network Manager: escalation of privilege vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27258",
        "datePublished": "2025-10-13T06:25:32.326Z",
        "dateReserved": "2025-02-21T08:58:20.366Z",
        "dateUpdated": "2025-10-14T15:29:59.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0636 (GCVE-0-2025-0636)

    Vulnerability from nvd – Published: 2025-10-13 06:26 – Updated: 2025-10-14 13:25
    VLAI
    Title
    Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller
    Summary
    EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Date Public
    2025-10-10 06:50
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T13:25:34.279595Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T13:25:42.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Site Controller 6610",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "S24.Q2, S24.Q3.1 S24.Q4 S25.Q1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "S24.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAN Compute (all BB versions)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "4.Q1.C5 24.Q2 24.Q3 24.Q4 25.Q1 RCG123.1 RCG123.2 RCG123.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.Q1.C5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-10-10T06:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution. \u0026nbsp; \u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T06:26:16.829Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2025-0636"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-0636",
        "datePublished": "2025-10-13T06:26:16.829Z",
        "dateReserved": "2025-01-22T10:46:30.753Z",
        "dateUpdated": "2025-10-14T13:25:42.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-40838 (GCVE-0-2025-40838)

    Vulnerability from nvd – Published: 2025-09-25 14:54 – Updated: 2025-09-30 12:15
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:44:16.433331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:48:09.737Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:15:44.492Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40838",
        "datePublished": "2025-09-25T14:54:43.229Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2025-09-30T12:15:44.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-59174 (GCVE-0-2025-59174)

    Vulnerability from cvelistv5 – Published: 2026-06-05 13:44 – Updated: 2026-06-05 20:09
    VLAI
    Summary
    Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-228 - Improper Handling of Syntactically Invalid Structure
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Packet Core Controller Affected: 0 , < 1.39 (custom)
    Create a notification for this product.
    Date Public
    2026-06-02 11:12
    Credits
    The UK Telecoms Lab (UKTL) The UK’s National Cyber Security Centre (NCSC)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T20:09:12.098289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T20:09:18.706Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Packet Core Controller",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.39",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.39",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The UK Telecoms Lab (UKTL)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "The UK\u2019s National Cyber Security Centre (NCSC)"
            }
          ],
          "datePublic": "2026-06-02T11:12:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation."
                }
              ],
              "value": "Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-228",
                  "description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T13:44:39.149Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://ericsson.com/en/about-us/security/psirt/CVE-2025-59174"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-59174",
        "datePublished": "2026-06-05T13:44:39.149Z",
        "dateReserved": "2025-09-10T13:24:49.360Z",
        "dateUpdated": "2026-06-05T20:09:18.706Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25659 (GCVE-0-2026-25659)

    Vulnerability from cvelistv5 – Published: 2026-06-05 11:08 – Updated: 2026-06-05 20:11
    VLAI
    Title
    Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability
    Summary
    Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-230 - Improper handling of missing values
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Packet Core Gateway (PCG) Affected: 0 , < 1.30 (1.30)
    Create a notification for this product.
    Credits
    Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25659",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T20:11:16.225932Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T20:11:23.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Packet Core Gateway (PCG)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "1.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eEricsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u0026nbsp;\u003cspan\u003eThe impact continues as long the attack persists but the system recovers from the crashes when the attack stops.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Ericsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u00a0The impact continues as long the attack persists but the system recovers from the crashes when the attack stops."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-230",
                  "description": "CWE-230 Improper handling of missing values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T11:08:39.929Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25659"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2026-25659",
        "datePublished": "2026-06-05T11:08:39.929Z",
        "dateReserved": "2026-02-04T12:41:54.869Z",
        "dateUpdated": "2026-06-05T20:11:23.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25658 (GCVE-0-2026-25658)

    Vulnerability from cvelistv5 – Published: 2026-06-05 11:06 – Updated: 2026-06-05 20:11
    VLAI
    Title
    Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability
    Summary
    Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-230 - Improper handling of missing values
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Packet Core Gateway (PCG) Affected: 0 , < 1.30 (1.30)
    Create a notification for this product.
    Credits
    Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T20:11:36.044286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T20:11:42.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Packet Core Gateway (PCG)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "1.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eEricsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u0026nbsp;\u003cspan\u003eThe impact continues as long the attack persists but the system recovers from the crashes when the attack stops.\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Ericsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u00a0The impact continues as long the attack persists but the system recovers from the crashes when the attack stops."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-230",
                  "description": "CWE-230 Improper handling of missing values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T11:06:27.504Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25658"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2026-25658",
        "datePublished": "2026-06-05T11:06:27.504Z",
        "dateReserved": "2026-02-04T12:41:54.869Z",
        "dateUpdated": "2026-06-05T20:11:42.365Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25657 (GCVE-0-2026-25657)

    Vulnerability from cvelistv5 – Published: 2026-06-05 11:03 – Updated: 2026-06-05 20:11
    VLAI
    Title
    Ericsson Packet Core Gateway (PCG) - Improper Handling of Syntactically Invalid Structure Vulnerability
    Summary
    Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Packet Core Gateway (PCG) Affected: 0 , < 1.30 (1.30)
    Create a notification for this product.
    Credits
    Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25657",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T20:11:51.419993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T20:11:57.051Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Packet Core Gateway (PCG)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.30",
                  "status": "affected",
                  "version": "0",
                  "versionType": "1.30"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eEricsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.\u003c/p\u003e"
                }
              ],
              "value": "Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-228",
                  "description": "CWE-228",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T11:03:02.273Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25657"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Packet Core Gateway (PCG) - Improper Handling of Syntactically Invalid Structure Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2026-25657",
        "datePublished": "2026-06-05T11:03:02.273Z",
        "dateReserved": "2026-02-04T12:41:54.869Z",
        "dateUpdated": "2026-06-05T20:11:57.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25660 (GCVE-0-2026-25660)

    Vulnerability from cvelistv5 – Published: 2026-04-24 13:10 – Updated: 2026-04-24 13:51 X_Open Source
    VLAI
    Title
    Authentication bypass for certain API calls
    Summary
    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls.  This bypass allows assigning arbitrary permission to any user existing in CodeChecker. This issue affects CodeChecker: through 6.27.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication bypass by spoofing
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ericsson CodeChecker Affected: 0 , ≤ 6.27.3 (python)
    Create a notification for this product.
    Credits
    Scott Tolley
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-24T13:50:59.651031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-24T13:51:11.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CodeChecker",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.27.4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.27.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Scott Tolley"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eCodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \u003c/span\u003e\u003cbr\u003e\u003cp\u003eAuthentication bypass occurs when the URL ends with Authentication with certain function calls.\u0026nbsp; This bypass allows assigning arbitrary permission to any user existing in CodeChecker.\u003c/p\u003e\u003cp\u003eThis issue affects CodeChecker: through 6.27.3.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nAuthentication bypass occurs when the URL ends with Authentication with certain function calls.\u00a0 This bypass allows assigning arbitrary permission to any user existing in CodeChecker.\n\nThis issue affects CodeChecker: through 6.27.3."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication bypass by spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-24T13:10:26.171Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Authentication bypass for certain API calls",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2026-25660",
        "datePublished": "2026-04-24T13:10:26.171Z",
        "dateReserved": "2026-02-04T12:41:54.869Z",
        "dateUpdated": "2026-04-24T13:51:11.174Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-53828 (GCVE-0-2024-53828)

    Vulnerability from cvelistv5 – Published: 2026-04-01 09:49 – Updated: 2026-04-01 12:39
    VLAI
    Title
    Ericsson Packet Core Controller (PCC) - Improper Handling of Syntactically Invalid Structure Vulnerability
    Summary
    Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Packet Core Controller (PCC) Affected: 0 , < 1.38 (1.38)
    Create a notification for this product.
    Credits
    The UK’s National Cyber Security Centre (NCSC) The UK Telecoms Lab (UKTL)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-53828",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T12:39:12.844626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T12:39:41.380Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Packet Core Controller (PCC)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.38",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.38",
                  "status": "affected",
                  "version": "0",
                  "versionType": "1.38"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The UK\u2019s National Cyber Security Centre (NCSC)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "The UK Telecoms Lab (UKTL)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Packet Core Controller (PCC) versions prior\nto 1.38 contain a vulnerability where an attacker sending a large volume of\nspecially crafted messages may cause service degradation."
                }
              ],
              "value": "Ericsson Packet Core Controller (PCC) versions prior\nto 1.38 contain a vulnerability where an attacker sending a large volume of\nspecially crafted messages may cause service degradation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-228",
                  "description": "CWE-228",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T09:49:18.214Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2024-53828"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Packet Core Controller (PCC) - Improper Handling of Syntactically Invalid Structure Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2024-53828",
        "datePublished": "2026-04-01T09:49:18.214Z",
        "dateReserved": "2024-11-22T14:21:37.002Z",
        "dateUpdated": "2026-04-01T12:39:41.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40842 (GCVE-0-2025-40842)

    Vulnerability from cvelistv5 – Published: 2026-03-25 13:10 – Updated: 2026-03-25 13:44
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:44:02.789000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:44:10.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u0026nbsp;contains a\nCross-Site Scripting (XSS) vulnerability which, if exploited, can lead to\nunauthorized disclosure and modification of certain information.\u0026nbsp;"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u00a0contains a\nCross-Site Scripting (XSS) vulnerability which, if exploited, can lead to\nunauthorized disclosure and modification of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:15:53.253Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40842"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40842",
        "datePublished": "2026-03-25T13:10:44.010Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2026-03-25T13:44:10.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40841 (GCVE-0-2025-40841)

    Vulnerability from cvelistv5 – Published: 2026-03-25 13:07 – Updated: 2026-03-25 13:44
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:44:36.014812Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:44:45.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u0026nbsp;contains a\nCross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead\nto unauthorized modification of certain information.\u0026nbsp;"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u00a0contains a\nCross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead\nto unauthorized modification of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site request forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:17:23.852Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Cross-Site Request Forgery  Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40841",
        "datePublished": "2026-03-25T13:07:53.229Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2026-03-25T13:44:45.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27260 (GCVE-0-2025-27260)

    Vulnerability from cvelistv5 – Published: 2026-03-25 12:54 – Updated: 2026-03-25 13:50
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:50:26.371520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:50:33.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u0026nbsp;vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"
                }
              ],
              "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u00a0vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-790",
                  "description": "CWE-790",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:18:23.060Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27260",
        "datePublished": "2026-03-25T12:54:46.406Z",
        "dateReserved": "2025-02-21T08:58:20.367Z",
        "dateUpdated": "2026-03-25T13:50:33.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40843 (GCVE-0-2025-40843)

    Vulnerability from cvelistv5 – Published: 2025-10-28 18:49 – Updated: 2025-10-28 19:30 X_Open Source
    VLAI
    Title
    Buffer overflow in CodeChecker log command
    Summary
    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects CodeChecker: through 6.26.1.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack based buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ericsson CodeChecker Affected: 0 , ≤ 6.26.1 (python)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40843",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T19:30:15.826239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T19:30:25.737Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "CodeChecker",
              "vendor": "Ericsson",
              "versions": [
                {
                  "lessThanOrEqual": "6.26.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "python"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \u003c/span\u003e\u003cbr\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eCodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal \u003ccode\u003eldlogger\u003c/code\u003e\u0026nbsp;library, which is executed by the \u003ccode\u003eCodeChecker log\u003c/code\u003e\u0026nbsp;command.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects CodeChecker: through 6.26.1.\u003c/p\u003e"
                }
              ],
              "value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \n\n\n\n\nCodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger\u00a0library, which is executed by the CodeChecker log\u00a0command.\n\n\n\n\n\nThis issue affects CodeChecker: through 6.26.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-28T18:49:49.516Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-5xf2-f6ch-6p8r"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Buffer overflow in CodeChecker log command",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40843",
        "datePublished": "2025-10-28T18:49:49.516Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2025-10-28T19:30:25.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0636 (GCVE-0-2025-0636)

    Vulnerability from cvelistv5 – Published: 2025-10-13 06:26 – Updated: 2025-10-14 13:25
    VLAI
    Title
    Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller
    Summary
    EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Date Public
    2025-10-10 06:50
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T13:25:34.279595Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T13:25:42.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Site Controller 6610",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "S24.Q2, S24.Q3.1 S24.Q4 S25.Q1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "S24.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAN Compute (all BB versions)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "4.Q1.C5 24.Q2 24.Q3 24.Q4 25.Q1 RCG123.1 RCG123.2 RCG123.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "24.Q1.C5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2025-10-10T06:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution. \u0026nbsp; \u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T06:26:16.829Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2025-0636"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary Code Execution vulnerability in Ericsson RAN Compute and Site Controller",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-0636",
        "datePublished": "2025-10-13T06:26:16.829Z",
        "dateReserved": "2025-01-22T10:46:30.753Z",
        "dateUpdated": "2025-10-14T13:25:42.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27258 (GCVE-0-2025-27258)

    Vulnerability from cvelistv5 – Published: 2025-10-13 06:25 – Updated: 2025-10-14 15:29
    VLAI
    Title
    Ericsson Network Manager: escalation of privilege vulnerability
    Summary
    Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Ericsson Network Manager(ENM) Affected: 0 , < 25.1 (custom)
    Create a notification for this product.
    Date Public
    2025-10-10 07:31
    Credits
    Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T15:29:36.817155Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T15:29:59.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ericsson Network Manager(ENM)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "Version 25.1 or later",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "25.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli"
            }
          ],
          "datePublic": "2025-10-10T07:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T06:25:32.326Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-enm-october-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Network Manager: escalation of privilege vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27258",
        "datePublished": "2025-10-13T06:25:32.326Z",
        "dateReserved": "2025-02-21T08:58:20.366Z",
        "dateUpdated": "2025-10-14T15:29:59.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27259 (GCVE-0-2025-27259)

    Vulnerability from cvelistv5 – Published: 2025-10-13 06:16 – Updated: 2025-10-14 16:06
    VLAI
    Title
    Ericsson Network Manager: improper neutralization of user controlled input
    Summary
    Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Ericsson Network Manager(ENM) Affected: 0 , < all versions prior to 25.2 (custom)
    Create a notification for this product.
    Date Public
    2025-10-10 07:31
    Credits
    Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27259",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T16:01:04.095742Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T16:06:38.469Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ericsson Network Manager(ENM)",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "Version 25.2 or later",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "all versions prior to 25.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli"
            }
          ],
          "datePublic": "2025-10-10T07:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains. \u0026nbsp;\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T06:16:37.104Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-enm-october-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Network Manager: improper neutralization of user controlled input",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27259",
        "datePublished": "2025-10-13T06:16:37.104Z",
        "dateReserved": "2025-02-21T08:58:20.367Z",
        "dateUpdated": "2025-10-14T16:06:38.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201008-0270

    Vulnerability from variot - Updated: 2026-04-10 22:47

    The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer's guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. It is relatively easy to find a string that has the same hash value as a regular password.Authentication by attacker API (loginLib) May be used to access services using. The problem is CVE-2005-3804 May be related toBy a third party UDP An arbitrary memory area may be read or modified, a function call executed, or a task managed through a request to the port. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default 'target/password', 'y{{{{{SS' will HASH out the same result as 'password'. So you can use 'password' and 'y{{{{{SS' as the password to log in. Permissions and access control vulnerabilities exist in the WDB Target Agent Debugging Service in Wind River VxWorks 6.x, 5.x and earlier. VxWorks is prone to a remote security-bypass vulnerability. Successful exploits will allow remote attackers to perform debugging tasks on the vulnerable device. The issue affects multiple products from multiple vendors that ship with the VxWorks operating system. NOTE: This issue was previously covered in BID 42114 (VxWorks Multiple Security Vulnerabilities) but has been separated into its own record to better document it. R7-0035: VxWorks Authentication Library Weak Password Hashing August 2, 2010

    -- Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication process for the Telnet and FTP services of the VxWorks operating system. This flaw occurs due to an insecure password hashing implementation in the authentication library (loginLib) of the VxWorks operating system. Regardless of what password is set for a particular account, there are a only small number (~210k) of possible hash outputs. Typical passwords consisting of alphanumeric characters and symbols fall within an even smaller range of hash outputs (~8k), making this trivial to brute force over the network. To excaberate matters, loginLib has no support for account lockouts and the FTP daemon does not disconnect clients that consistently fail to authenticate. This reduces the brute force time for the FTP service to approximately 30 minutes.

    To demonstrate the hash weakness, the password of "insecure" hashes to the value "Ry99dzRcy9". The hashing algorithm itself is based on an additive sum with a small XOR operation. The resulting sums are then transformed to a printable string, but the range of possible intermediate values is limited and mostly sequential. The entire collision table has been precomputed and will be released in early September as an input file for common brute force tools. More information about the hashing algorithm itself is available at the Metasploit blog post below:

    http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

    There are three requirements for this vulnerability to be exploited:

    • The device must be running at least one service that uses loginLib for authentication. Telnet and FTP do so by default.

    • A valid username must be known to the attacker. This is usually easy to determine through product manuals or a cursory review of the firmware binaries.

    A typical VxWorks device will meet all three requirements by default, but customization by the device manufacturer may preclude this from being exploited. In general, if the device displays a VxWorks banner for Telnet or FTP, it is more than likely vulnerable.

    -- Vendor Response: Wind River Systems has notified their customers of the issue and suggested that each downstream vendor replace the existing hash implementation with SHA512 or SHA256. The exact extent of the vulnerability and the complete list of affected devices is not known at this time. Example code from Wind River Systems has been supplied to CERT and is included in the advisory below:

    http://www.kb.cert.org/vuls/id/840249

    -- Disclosure Timeline: 2009-06-02 - Vulnerability reported to CERT for vendor notification 2009-08-02 - Coordinated public release of advisory

    -- Credit: This vulnerability was discovered by HD Moore

    -- About Rapid7 Security Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool.

    Our vulnerability disclosure policy is available online at:

    http://www.rapid7.com/disclosure.jsp

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "river systems vxworks through",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "wind",
            "version": "6.56.9"
          },
          {
            "_id": null,
            "model": "1756-enbt\\/a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "rockwellautomation",
            "version": "3.2.6"
          },
          {
            "_id": null,
            "model": "1756-enbt\\/a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "rockwellautomation",
            "version": "3.6.1"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "windriver",
            "version": "6.9.4.12"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ericsson",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "polycom",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wind river",
            "version": null
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": null,
            "trust": 0.8,
            "vendor": "wind river",
            "version": null
          },
          {
            "_id": null,
            "model": "1756-enbt series a",
            "scope": null,
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": null
          },
          {
            "_id": null,
            "model": "1756-enbt series a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rockwell automation",
            "version": "3.2.6 and  3.6.1"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "wind river",
            "version": "6.x"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "wind river",
            "version": "5.x"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "no",
            "version": null
          },
          {
            "_id": null,
            "model": "1756-enbt series a",
            "scope": null,
            "trust": 0.6,
            "vendor": "rockwellautomation",
            "version": null
          },
          {
            "_id": null,
            "model": "phaser 3635mfp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "0"
          },
          {
            "_id": null,
            "model": "river systems vxworks",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wind",
            "version": "0"
          },
          {
            "_id": null,
            "model": "oronoco ap600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "proxim",
            "version": "2.5.5(1070)"
          },
          {
            "_id": null,
            "model": "oronoco ap600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "proxim",
            "version": "2.5.3(914)"
          },
          {
            "_id": null,
            "model": "oronoco ap600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "proxim",
            "version": "2.5.2(894)"
          },
          {
            "_id": null,
            "model": "oronoco ap600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "proxim",
            "version": "2.4.5(758)"
          },
          {
            "_id": null,
            "model": "oronoco ap600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "proxim",
            "version": "2.4.11(821)"
          },
          {
            "_id": null,
            "model": "oronoco ap600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "proxim",
            "version": "2.2.0(460)"
          },
          {
            "_id": null,
            "model": "oronoco ap600",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "proxim",
            "version": "2.1.1(403)"
          },
          {
            "_id": null,
            "model": "oronoco ap600",
            "scope": null,
            "trust": 0.3,
            "vendor": "proxim",
            "version": null
          },
          {
            "_id": null,
            "model": "grandslam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paradyne",
            "version": "4200"
          },
          {
            "_id": null,
            "model": "networks wlan access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "2220"
          },
          {
            "_id": null,
            "model": "networks passport",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1100/1150/1200/1250"
          },
          {
            "_id": null,
            "model": "networks optical trouble ticketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "0"
          },
          {
            "_id": null,
            "model": "cmts038-007 cmts2.6.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "kathrein",
            "version": null
          },
          {
            "_id": null,
            "model": "cmts038-007 cmts2.17.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "kathrein",
            "version": null
          },
          {
            "_id": null,
            "model": "cmts038-007 cmts2.14.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "kathrein",
            "version": null
          },
          {
            "_id": null,
            "model": "cmts038-007 cmts2.11.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "kathrein",
            "version": null
          },
          {
            "_id": null,
            "model": "gaoke co mg6000 voip gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "",
            "version": "0"
          },
          {
            "_id": null,
            "model": "networks edgeiron 4802f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "foundry",
            "version": "1.4.8"
          },
          {
            "_id": null,
            "model": "networks edgeiron 4802f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "foundry",
            "version": "1.3.7"
          },
          {
            "_id": null,
            "model": "networks edgeiron 4802f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "foundry",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ons",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "ip phone",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7920"
          },
          {
            "_id": null,
            "model": "cadant c3 cmts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arris",
            "version": "0"
          },
          {
            "_id": null,
            "model": "omniswitch 5.1.5.245.r04",
            "scope": null,
            "trust": 0.3,
            "vendor": "alcatel lucent",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d738f00-463f-11e9-ac13-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "017253fa-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3891"
          },
          {
            "db": "BID",
            "id": "42158"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001882"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005612"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2965"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:windriver:vxworks",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001882"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Thanks to HD Moore for reporting a wider scope with additional research related to this vulnerability.  Earlier public reports came from Bennett Todd and Shawn Merdinger. This document was written by Jared Allar. ",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2010-2965",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-2965",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 9.5,
                "exploitability": "HIGH",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-2965",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "WORKAROUND",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "HIGH",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CARNEGIE MELLON",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 9.5,
                "exploitability": "HIGH",
                "exploitabilityScore": 10.0,
                "id": "VU#840249",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "WORKAROUND",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "NOT DEFINED",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2010-3891",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7d738f00-463f-11e9-ac13-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "017253fa-2356-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-45570",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2010-2965",
                "trust": 1.6,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2010-2965",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#840249",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2010-3891",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201008-029",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d738f00-463f-11e9-ac13-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "017253fa-2356-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-45570",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d738f00-463f-11e9-ac13-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "017253fa-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3891"
          },
          {
            "db": "VULHUB",
            "id": "VHN-45570"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005612"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2965"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. Some products based on VxWorks have the WDB target agent debug service enabled by default.  This service provides read/write access to the device\u0027s memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image.  It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer\u0027s guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions.  An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. It is relatively easy to find a string that has the same hash value as a regular password.Authentication by attacker API (loginLib) May be used to access services using. The problem is CVE-2005-3804 May be related toBy a third party UDP An arbitrary memory area may be read or modified, a function call executed, or a task managed through a request to the port. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default \u0027target/password\u0027, \u0027y{{{{{SS\u0027 will HASH out the same result as \u0027password\u0027. So you can use \u0027password\u0027 and \u0027y{{{{{SS\u0027 as the password to log in. Permissions and access control vulnerabilities exist in the WDB Target Agent Debugging Service in Wind River VxWorks 6.x, 5.x and earlier. VxWorks is prone to a remote security-bypass vulnerability. \nSuccessful exploits will allow remote attackers to perform debugging tasks on the vulnerable device. \nThe issue affects multiple products from multiple vendors that ship with the VxWorks operating system. \nNOTE: This issue was previously covered in BID 42114 (VxWorks Multiple Security Vulnerabilities) but has been separated into its own record to better document it. R7-0035: VxWorks Authentication Library Weak Password Hashing\nAugust 2, 2010\n\n-- Vulnerability Details:\nThis vulnerability allows remote attackers to bypass the authentication\nprocess for the Telnet and FTP services of the VxWorks operating system. \nThis flaw occurs due to an insecure password hashing implementation in\nthe authentication library (loginLib) of the VxWorks operating system. \nRegardless of what password is set for a particular account, there are a\nonly small number (~210k) of possible hash outputs. Typical passwords\nconsisting of alphanumeric characters and symbols fall within an even\nsmaller range of hash outputs (~8k), making this trivial to brute force\nover the network. To excaberate matters, loginLib has no support for\naccount lockouts and the FTP daemon does not disconnect clients that\nconsistently fail to authenticate. This reduces the brute force time for\nthe FTP service to approximately 30 minutes. \n\nTo demonstrate the hash weakness, the password of \"insecure\" hashes to\nthe value \"Ry99dzRcy9\". The hashing algorithm itself is based on an additive sum\nwith a small XOR operation. The resulting sums are then transformed to a\nprintable string, but the range of possible intermediate values is\nlimited and mostly sequential. The entire collision table has been\nprecomputed and will be released in early September as an input file for\ncommon brute force tools. More information about the hashing algorithm\nitself is available at the Metasploit blog post below:\n\n http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\n\nThere are three requirements for this vulnerability to be exploited:\n\n * The device must be running at least one service that uses loginLib\nfor authentication. Telnet and FTP do so by default. \n\n * A valid username must be known to the attacker. This is usually easy\nto determine through product manuals or a cursory review of the firmware\nbinaries. \n\nA typical VxWorks device will meet all three requirements by default,\nbut customization by the device manufacturer may preclude this from\nbeing exploited. In general, if the device displays a VxWorks banner for\nTelnet or FTP, it is more than likely vulnerable. \n\n-- Vendor Response:\nWind River Systems has notified their customers of the issue and\nsuggested that each downstream vendor replace the existing hash\nimplementation with SHA512 or SHA256. The exact extent of the\nvulnerability and the complete list of affected devices is not known at\nthis time. Example code from Wind River Systems has been supplied to\nCERT and is included in the advisory below:\n\n http://www.kb.cert.org/vuls/id/840249\n\n-- Disclosure Timeline:\n2009-06-02 - Vulnerability reported to CERT for vendor notification\n2009-08-02 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by HD Moore\n\n-- About Rapid7 Security\nRapid7 provides vulnerability management, compliance and penetration\ntesting solutions for Web application, network and database security. In\naddition to developing the NeXpose Vulnerability Management system,\nRapid7 manages the Metasploit Project and is the primary sponsor of the\nW3AF web assessment tool. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.rapid7.com/disclosure.jsp\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-2965"
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001882"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005612"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3891"
          },
          {
            "db": "BID",
            "id": "42158"
          },
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d738f00-463f-11e9-ac13-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "017253fa-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-45570"
          },
          {
            "db": "PACKETSTORM",
            "id": "92449"
          }
        ],
        "trust": 6.03
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/362332",
            "trust": 0.8,
            "type": "unknown"
          },
          {
            "reference": "https://www.kb.cert.org/vuls/id/840249",
            "trust": 0.8,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#362332",
            "trust": 4.8
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2965",
            "trust": 3.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-10-214-01",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-029",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3891",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001882",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005612",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "42114",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "42158",
            "trust": 0.4
          },
          {
            "db": "IVD",
            "id": "BAB59964-1FB2-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D72F2C0-463F-11E9-98F5-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D738F00-463F-11E9-AC13-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "017253FA-2356-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-45570",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "92449",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d738f00-463f-11e9-ac13-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "017253fa-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3891"
          },
          {
            "db": "VULHUB",
            "id": "VHN-45570"
          },
          {
            "db": "BID",
            "id": "42158"
          },
          {
            "db": "PACKETSTORM",
            "id": "92449"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001882"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005612"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2965"
          }
        ]
      },
      "id": "VAR-201008-0270",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d738f00-463f-11e9-ac13-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "017253fa-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3891"
          },
          {
            "db": "VULHUB",
            "id": "VHN-45570"
          }
        ],
        "trust": 2.52030044
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 2.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d738f00-463f-11e9-ac13-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "017253fa-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3891"
          }
        ]
      },
      "last_update_date": "2026-04-10T22:47:09.862000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://windriver.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.rockwellautomation.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://windriver.com/index.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001882"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005612"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-45570"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005612"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2965"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.kb.cert.org/vuls/id/362332"
          },
          {
            "trust": 2.5,
            "url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033708"
          },
          {
            "trust": 2.1,
            "url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
          },
          {
            "trust": 1.7,
            "url": "http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735"
          },
          {
            "trust": 1.7,
            "url": "http://www.kb.cert.org/vuls/id/mapg-86epfa"
          },
          {
            "trust": 1.7,
            "url": "http://www.kb.cert.org/vuls/id/mapg-86fpql"
          },
          {
            "trust": 1.6,
            "url": "https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities"
          },
          {
            "trust": 1.6,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-214-01_vxworks_vulnerabilities.pdf"
          },
          {
            "trust": 1.6,
            "url": "http://blogs.windriver.com/chauhan/2010/08/vxworks-secure.html"
          },
          {
            "trust": 1.0,
            "url": "http://seclists.org/fulldisclosure/2025/jan/10"
          },
          {
            "trust": 0.9,
            "url": "http://www.kb.cert.org/vuls/id/840249"
          },
          {
            "trust": 0.8,
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml"
          },
          {
            "trust": 0.8,
            "url": "http://seclists.org/vuln-dev/2002/may/179"
          },
          {
            "trust": 0.8,
            "url": "http://thesauceofutterpwnage.blogspot.com/2010/08/metasploit-vxworks-wdb-agent-attack.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/215.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/505.html"
          },
          {
            "trust": 0.8,
            "url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033709"
          },
          {
            "trust": 0.8,
            "url": "http://newsoft-tech.blogspot.com/2010/09/follow-up-on-vxworks-issue.html"
          },
          {
            "trust": 0.8,
            "url": "http://cvk.posterous.com/how-to-crack-vxworks-password-hashes"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/327.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/916.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu840249"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/mapg-863qh9"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2965"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2965"
          },
          {
            "trust": 0.6,
            "url": "http://www.kb.cert.org/vuls/id/362332http"
          },
          {
            "trust": 0.3,
            "url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202013-345-01"
          },
          {
            "trust": 0.3,
            "url": "http://www.windriver.com/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/512825"
          },
          {
            "trust": 0.1,
            "url": "http://www.rapid7.com/disclosure.jsp"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3891"
          },
          {
            "db": "VULHUB",
            "id": "VHN-45570"
          },
          {
            "db": "BID",
            "id": "42158"
          },
          {
            "db": "PACKETSTORM",
            "id": "92449"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-029"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001882"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005612"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2965"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "7d738f00-463f-11e9-ac13-000c29342cb1",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "017253fa-2356-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3891",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-45570",
            "ident": null
          },
          {
            "db": "BID",
            "id": "42158",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "92449",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-029",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001882",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005612",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2965",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2010-08-03T00:00:00",
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2010-08-03T00:00:00",
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "IVD",
            "id": "7d738f00-463f-11e9-ac13-000c29342cb1",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "IVD",
            "id": "017253fa-2356-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2010-08-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#362332",
            "ident": null
          },
          {
            "date": "2010-08-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#840249",
            "ident": null
          },
          {
            "date": "2010-08-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3891",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-45570",
            "ident": null
          },
          {
            "date": "2010-08-02T00:00:00",
            "db": "BID",
            "id": "42158",
            "ident": null
          },
          {
            "date": "2010-08-03T18:01:12",
            "db": "PACKETSTORM",
            "id": "92449",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201008-029",
            "ident": null
          },
          {
            "date": "2010-08-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-001882",
            "ident": null
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-005612",
            "ident": null
          },
          {
            "date": "2010-08-05T13:22:29.793000",
            "db": "NVD",
            "id": "CVE-2010-2965",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-09-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#362332",
            "ident": null
          },
          {
            "date": "2014-06-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#840249",
            "ident": null
          },
          {
            "date": "2010-08-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3891",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-45570",
            "ident": null
          },
          {
            "date": "2015-03-19T08:47:00",
            "db": "BID",
            "id": "42158",
            "ident": null
          },
          {
            "date": "2022-08-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201008-029",
            "ident": null
          },
          {
            "date": "2010-08-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-001882",
            "ident": null
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-005612",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2010-2965",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-029"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Wind River Systems VxWorks debug service enabled by default",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-029"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201008-1003

    Vulnerability from variot - Updated: 2026-04-10 22:04

    The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer's guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default 'target/password', 'y{{{{{SS' will HASH out the same result as 'password'. So you can use 'password' and 'y{{{{{SS' as the password to log in. Vendor affected: TP-Link (http://tp-link.com)

    Products affected: * All TP-Link VxWorks-based devices (confirmed by vendor) * All "2-series" switches (confirmed by vendor) * TL-SG2008 semi-managed switch (confirmed by vendor) * TL-SG2216 semi-managed switch (confirmed by vendor) * TL-SG2424 semi-managed switch (confirmed by vendor) * TL-SG2424P semi-managed switch (confirmed by vendor) * TL-SG2452 semi-managed switch (confirmed by vendor)

    Vulnerabilities: * All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least: * CVE-2013-0716 (confirmed by vendor) * CVE-2013-0715 (confirmed by vendor) * CVE-2013-0714 (confirmed by vendor) * CVE-2013-0713 (confirmed by vendor) * CVE-2013-0712 (confirmed by vendor) * CVE-2013-0711 (confirmed by vendor) * CVE-2010-2967 (confirmed by vendor) * CVE-2010-2966 (confirmed by vendor) * CVE-2008-2476 (confirmed by vendor) * SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor) * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor)

    Design flaws: * Telnet is available and cannot be disabled (confirmed by vendor) * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)

    Vendor response: TP-Link are not convinced that these flaws should be repaired.

    TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week.

    Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products.

    (TL-SG2008 first product availability July 2014...)

    Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.")

    Fix availability: None.

    Work-arounds advised: None possible. Remove products from network. ----------------------------------------------------------------------

    "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420."

    Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:

    http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf


    TITLE: Rockwell Automation 1756-ENBT Series A VxWorks Debugger Vulnerability

    SECUNIA ADVISORY ID: SA40829

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40829/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40829

    RELEASE DATE: 2010-08-04

    DISCUSS ADVISORY: http://secunia.com/advisories/40829/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/40829/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=40829

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been reported in Rockwell Automation 1756-ENBT series A, which can be exploited by malicious people to compromise the vulnerable device.

    The vulnerability is caused due to the VxWorks debug agent being enabled, which can be exploited to gain control over the device by e.g. sending specially crafted requests to port 17185/UDP.

    The vulnerability is reported in Rockwell Automation 1756-ENBT series A running firmware versions 3.2.6 and 3.6.1.

    SOLUTION: See Rockwell Automation Technote #69735.

    Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    PROVIDED AND/OR DISCOVERED BY: Reported in VxWorks by Bennett Todd, Shawn Merdinger, and HD Moore.

    ORIGINAL ADVISORY: US-CERT VU#362332: http://www.kb.cert.org/vuls/id/362332 http://www.kb.cert.org/vuls/id/MAPG-86FPQL

    HD Moore: http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "windriver",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "windriver",
            "version": "5"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "windriver",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "windriver",
            "version": "6"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "windriver",
            "version": "6.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ericsson",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "polycom",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wind river",
            "version": null
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "wind river",
            "version": "6.x"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "wind river",
            "version": "5.x"
          },
          {
            "_id": null,
            "model": "river systems vxworks through",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wind",
            "version": "6.56.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "no",
            "version": null
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "windriver",
            "version": "6.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "vxworks",
            "version": "5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "vxworks",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "vxworks",
            "version": "6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "vxworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "vxworks",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3890"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-030"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005613"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2966"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:windriver:vxworks",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005613"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Thanks to HD Moore for reporting a wider scope with additional research related to this vulnerability.  Earlier public reports came from Bennett Todd and Shawn Merdinger. This document was written by Jared Allar. ",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2010-2966",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-2966",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 9.5,
                "exploitability": "HIGH",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-2965",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "WORKAROUND",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "HIGH",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CARNEGIE MELLON",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 9.5,
                "exploitability": "HIGH",
                "exploitabilityScore": 10.0,
                "id": "VU#840249",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "WORKAROUND",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "NOT DEFINED",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2010-3890",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "0169ca3c-2356-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7d7367f0-463f-11e9-837f-000c29342cb1",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2010-2966",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2010-2965",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#840249",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2010-2966",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2010-3890",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201008-030",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "0169ca3c-2356-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d7367f0-463f-11e9-837f-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-030"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005613"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2966"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Some products based on VxWorks have the WDB target agent debug service enabled by default.  This service provides read/write access to the device\u0027s memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image.  It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer\u0027s guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions.  An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default \u0027target/password\u0027, \u0027y{{{{{SS\u0027 will HASH out the same result as \u0027password\u0027. So you can use \u0027password\u0027 and \u0027y{{{{{SS\u0027 as the password to log in. Vendor affected: TP-Link (http://tp-link.com)\n\nProducts affected:\n   * All TP-Link VxWorks-based devices (confirmed by vendor)\n   * All \"2-series\" switches (confirmed by vendor)\n   * TL-SG2008 semi-managed switch (confirmed by vendor)\n   * TL-SG2216 semi-managed switch (confirmed by vendor)\n   * TL-SG2424 semi-managed switch (confirmed by vendor)\n   * TL-SG2424P semi-managed switch (confirmed by vendor)\n   * TL-SG2452 semi-managed switch (confirmed by vendor)\n\nVulnerabilities:\n   * All previously-reported VxWorks vulnerabilities from 6.6.0 on;\n     at the very least:\n     * CVE-2013-0716 (confirmed by vendor)\n     * CVE-2013-0715 (confirmed by vendor)\n     * CVE-2013-0714 (confirmed by vendor)\n     * CVE-2013-0713 (confirmed by vendor)\n     * CVE-2013-0712 (confirmed by vendor)\n     * CVE-2013-0711 (confirmed by vendor)\n     * CVE-2010-2967 (confirmed by vendor)\n     * CVE-2010-2966 (confirmed by vendor)\n     * CVE-2008-2476 (confirmed by vendor)\n   * SSLv2 is available and cannot be disabled unless HTTPS is\n     completely disabled (allows downgrade attacks)\n     (confirmed by vendor)\n   * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot\n     be disabled (allows downgrade attacks)\n     (confirmed by vendor)\n\nDesign flaws:\n   * Telnet is available and cannot be disabled (confirmed by vendor)\n   * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)\n\nVendor response:\n   TP-Link are not convinced that these flaws should be repaired. \n\n   TP-Link\u0027s Internet presence -- or at least DNS -- is available only\n   intermittently. Most emails bounced. Lost contact with vendor, but\n   did confirm that development lead is now on holiday and will not\n   return for at least a week. \n\n   Initial vendor reaction was to recommend purchase of \"3-series\"\n   switches. Vendor did not offer reasons why \"3-series\" switches would\n   be more secure, apart from lack of telnet service. Vendor confirmed\n   that no development time can be allocated to securing \"2-series\"\n   product and all focus has shifted to newer products. \n\n   (TL-SG2008 first product availability July 2014...)\n\n   Vendor deeply confused about security of DES/3DES, MD5, claimed that\n   all security is relative. (\"...[E]ven SHA-1 can be cracked, they just\n   have different security level.\")\n\nFix availability:\n   None. \n\nWork-arounds advised:\n   None possible. Remove products from network. ----------------------------------------------------------------------\n\n\n\"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420.\"\n\nNon-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:\n\nhttp://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf\n\n\n----------------------------------------------------------------------\n\nTITLE:\nRockwell Automation 1756-ENBT Series A VxWorks Debugger Vulnerability\n\nSECUNIA ADVISORY ID:\nSA40829\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40829/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40829\n\nRELEASE DATE:\n2010-08-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40829/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40829/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40829\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Rockwell Automation 1756-ENBT\nseries A, which can be exploited by malicious people to compromise\nthe vulnerable device. \n\nThe vulnerability is caused due to the VxWorks debug agent being\nenabled, which can be exploited to gain control over the device by\ne.g. sending specially crafted requests to port 17185/UDP. \n\nThe vulnerability is reported in Rockwell Automation 1756-ENBT series\nA running firmware versions 3.2.6 and 3.6.1. \n\nSOLUTION:\nSee Rockwell Automation Technote #69735. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported in VxWorks by Bennett Todd, Shawn Merdinger, and HD Moore. \n\nORIGINAL ADVISORY:\nUS-CERT VU#362332:\nhttp://www.kb.cert.org/vuls/id/362332\nhttp://www.kb.cert.org/vuls/id/MAPG-86FPQL\n\nHD Moore:\nhttp://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-2966"
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005613"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3890"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "IVD",
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
          },
          {
            "db": "PACKETSTORM",
            "id": "128512"
          },
          {
            "db": "PACKETSTORM",
            "id": "92397"
          }
        ],
        "trust": 5.04
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/362332",
            "trust": 0.8,
            "type": "unknown"
          },
          {
            "reference": "https://www.kb.cert.org/vuls/id/840249",
            "trust": 0.8,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#840249",
            "trust": 3.8
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2966",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-10-214-01",
            "trust": 1.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332",
            "trust": 1.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3890",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-030",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005613",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "42114",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "0169CA3C-2356-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "BAB59964-1FB2-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D72F2C0-463F-11E9-98F5-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D7367F0-463F-11E9-837F-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "SECUNIA",
            "id": "40829",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "128512",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "92397",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3890"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "PACKETSTORM",
            "id": "128512"
          },
          {
            "db": "PACKETSTORM",
            "id": "92397"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-030"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005613"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2966"
          }
        ]
      },
      "id": "VAR-201008-1003",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3890"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          }
        ],
        "trust": 2.50988144
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.4
          },
          {
            "category": [
              "IoT",
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3890"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          }
        ]
      },
      "last_update_date": "2026-04-10T22:04:36.136000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.windriver.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005613"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005613"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2966"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.0,
            "url": "http://www.kb.cert.org/vuls/id/840249"
          },
          {
            "trust": 1.7,
            "url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
          },
          {
            "trust": 1.6,
            "url": "https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities"
          },
          {
            "trust": 1.6,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-214-01_vxworks_vulnerabilities.pdf"
          },
          {
            "trust": 1.6,
            "url": "http://blogs.windriver.com/chauhan/2010/08/vxworks-secure.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml"
          },
          {
            "trust": 0.8,
            "url": "http://seclists.org/vuln-dev/2002/may/179"
          },
          {
            "trust": 0.8,
            "url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033708"
          },
          {
            "trust": 0.8,
            "url": "http://thesauceofutterpwnage.blogspot.com/2010/08/metasploit-vxworks-wdb-agent-attack.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/215.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/505.html"
          },
          {
            "trust": 0.8,
            "url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033709"
          },
          {
            "trust": 0.8,
            "url": "http://newsoft-tech.blogspot.com/2010/09/follow-up-on-vxworks-issue.html"
          },
          {
            "trust": 0.8,
            "url": "http://cvk.posterous.com/how-to-crack-vxworks-password-hashes"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/327.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/916.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2966"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2966"
          },
          {
            "trust": 0.6,
            "url": "http://www.kb.cert.org/vuls/id/362332http"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2966"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0713"
          },
          {
            "trust": 0.1,
            "url": "http://tp-link.com)"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0715"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2967"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2476"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0712"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0711"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0714"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/mapg-86fpql"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/evm/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/40829/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40829"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/362332"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/40829/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3890"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "PACKETSTORM",
            "id": "128512"
          },
          {
            "db": "PACKETSTORM",
            "id": "92397"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-030"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005613"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2966"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3890",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "128512",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "92397",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-030",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005613",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2966",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2010-08-05T00:00:00",
            "db": "IVD",
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2010-08-03T00:00:00",
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2010-08-03T00:00:00",
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "IVD",
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1",
            "ident": null
          },
          {
            "date": "2010-08-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#362332",
            "ident": null
          },
          {
            "date": "2010-08-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#840249",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3890",
            "ident": null
          },
          {
            "date": "2010-08-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "ident": null
          },
          {
            "date": "2014-10-01T10:11:11",
            "db": "PACKETSTORM",
            "id": "128512",
            "ident": null
          },
          {
            "date": "2010-08-05T13:58:08",
            "db": "PACKETSTORM",
            "id": "92397",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201008-030",
            "ident": null
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-005613",
            "ident": null
          },
          {
            "date": "2010-08-05T13:22:29.827000",
            "db": "NVD",
            "id": "CVE-2010-2966",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-09-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#362332",
            "ident": null
          },
          {
            "date": "2014-06-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#840249",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3890",
            "ident": null
          },
          {
            "date": "2010-08-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "ident": null
          },
          {
            "date": "2010-08-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201008-030",
            "ident": null
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-005613",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2010-2966",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-030"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Wind River VxWorks INCLUDE_SECURITY Feature Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2010-3890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-030"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "_id": null,
        "data": "Trust management",
        "sources": [
          {
            "db": "IVD",
            "id": "0169ca3c-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7367f0-463f-11e9-837f-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-030"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-201008-1004

    Vulnerability from variot - Updated: 2026-03-09 20:16

    The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer's guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default 'target/password', 'y{{{{{SS' will HASH out the same result as 'password'. So you can use 'password' and 'y{{{{{SS' as the password to log in. Vendor affected: TP-Link (http://tp-link.com)

    Products affected: * All TP-Link VxWorks-based devices (confirmed by vendor) * All "2-series" switches (confirmed by vendor) * TL-SG2008 semi-managed switch (confirmed by vendor) * TL-SG2216 semi-managed switch (confirmed by vendor) * TL-SG2424 semi-managed switch (confirmed by vendor) * TL-SG2424P semi-managed switch (confirmed by vendor) * TL-SG2452 semi-managed switch (confirmed by vendor)

    Vulnerabilities: * All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least: * CVE-2013-0716 (confirmed by vendor) * CVE-2013-0715 (confirmed by vendor) * CVE-2013-0714 (confirmed by vendor) * CVE-2013-0713 (confirmed by vendor) * CVE-2013-0712 (confirmed by vendor) * CVE-2013-0711 (confirmed by vendor) * CVE-2010-2967 (confirmed by vendor) * CVE-2010-2966 (confirmed by vendor) * CVE-2008-2476 (confirmed by vendor) * SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor) * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor)

    Design flaws: * Telnet is available and cannot be disabled (confirmed by vendor) * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)

    Vendor response: TP-Link are not convinced that these flaws should be repaired.

    TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week.

    Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products.

    (TL-SG2008 first product availability July 2014...)

    Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.")

    Fix availability: None.

    Work-arounds advised: None possible. Remove products from network. R7-0034: VxWorks WDB Agent Debug Service Exposure August 2, 2010

    -- Rapid7 Customer Protection: Rapid7 NeXpose customers have access to a vulnerability check for this flaw as of the latest update. More information about this check can be found online at:

    http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed

    -- Vulnerability Details: This vulnerability allows remote attackers to read memory, write memory, execute code, and ultimately take complete control of the affected device. This issue affects over 100 different vendors and a multitude of products, both shipping and end-of-life. A spreadsheet of identified products affected by this flaw can be found at the URL below. This index is not comprehensive and not all devices found are still supported.

    http://www.metasploit.com/data/confs/bsideslv2010/VxWorksDevices.xls

    This flaw occurs due to an insecure setting in the configuration file of the manufacturer's source code. This setting results in a system- debug service being exposed on UDP port 17185. More information about this issue can be found at the Metasploit blog:

    http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

    -- Vendor Response: Wind River Systems has notified their customers of the issue and indicated that the WDB agent should be disabled for production builds. CERT has notified every vendor with an identified, shipping product containing this vulnerability. Responses for each specific vendor can be found in the CERT advisory:

    http://www.kb.cert.org/vuls/id/362332

    -- Disclosure Timeline: 2010-06-02 - Vulnerability reported to CERT for vendor notification 2010-08-02 - Coordinated public release of advisory

    -- Credit: This vulnerability had been discovered in specific devices in multiple instances, first by Bennett Todd in 2002 and then Shawn Merdinger in 2005. A comprehensive analysis of all affected devices was conducted by HD Moore in 2010.

    -- About Rapid7 Security Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool.

    Our vulnerability disclosure policy is available online at:

    http://www.rapid7.com/disclosure.jsp

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "windriver",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "windriver",
            "version": "5"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "windriver",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "windriver",
            "version": "6"
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "windriver",
            "version": "6.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ericsson",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "polycom",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "wind river",
            "version": null
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "wind river",
            "version": "6.9"
          },
          {
            "_id": null,
            "model": "river systems vxworks through",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wind",
            "version": "6.56.9"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "no",
            "version": null
          },
          {
            "_id": null,
            "model": "vxworks",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "windriver",
            "version": "6.8"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "vxworks",
            "version": "5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "vxworks",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "vxworks",
            "version": "6"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "vxworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "vxworks",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0183e958-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3889"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005614"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2967"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:windriver:vxworks",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005614"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Thanks to HD Moore for reporting a wider scope with additional research related to this vulnerability.  Earlier public reports came from Bennett Todd and Shawn Merdinger. This document was written by Jared Allar. ",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2010-2967",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-2967",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 9.5,
                "exploitability": "HIGH",
                "exploitabilityScore": 10.0,
                "id": "CVE-2010-2965",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "WORKAROUND",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "HIGH",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CARNEGIE MELLON",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 9.5,
                "exploitability": "HIGH",
                "exploitabilityScore": 10.0,
                "id": "VU#840249",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "WORKAROUND",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "NOT DEFINED",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2010-3889",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "0183e958-2356-11e6-abef-000c29c66e3d",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7d753cb1-463f-11e9-876d-000c29342cb1",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2010-2967",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2010-2965",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#840249",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2010-2967",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2010-3889",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201008-031",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "0183e958-2356-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d753cb1-463f-11e9-876d-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "0183e958-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3889"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005614"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2967"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Some products based on VxWorks have the WDB target agent debug service enabled by default.  This service provides read/write access to the device\u0027s memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image.  It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer\u0027s guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions.  An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default \u0027target/password\u0027, \u0027y{{{{{SS\u0027 will HASH out the same result as \u0027password\u0027. So you can use \u0027password\u0027 and \u0027y{{{{{SS\u0027 as the password to log in. Vendor affected: TP-Link (http://tp-link.com)\n\nProducts affected:\n   * All TP-Link VxWorks-based devices (confirmed by vendor)\n   * All \"2-series\" switches (confirmed by vendor)\n   * TL-SG2008 semi-managed switch (confirmed by vendor)\n   * TL-SG2216 semi-managed switch (confirmed by vendor)\n   * TL-SG2424 semi-managed switch (confirmed by vendor)\n   * TL-SG2424P semi-managed switch (confirmed by vendor)\n   * TL-SG2452 semi-managed switch (confirmed by vendor)\n\nVulnerabilities:\n   * All previously-reported VxWorks vulnerabilities from 6.6.0 on;\n     at the very least:\n     * CVE-2013-0716 (confirmed by vendor)\n     * CVE-2013-0715 (confirmed by vendor)\n     * CVE-2013-0714 (confirmed by vendor)\n     * CVE-2013-0713 (confirmed by vendor)\n     * CVE-2013-0712 (confirmed by vendor)\n     * CVE-2013-0711 (confirmed by vendor)\n     * CVE-2010-2967 (confirmed by vendor)\n     * CVE-2010-2966 (confirmed by vendor)\n     * CVE-2008-2476 (confirmed by vendor)\n   * SSLv2 is available and cannot be disabled unless HTTPS is\n     completely disabled (allows downgrade attacks)\n     (confirmed by vendor)\n   * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot\n     be disabled (allows downgrade attacks)\n     (confirmed by vendor)\n\nDesign flaws:\n   * Telnet is available and cannot be disabled (confirmed by vendor)\n   * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)\n\nVendor response:\n   TP-Link are not convinced that these flaws should be repaired. \n\n   TP-Link\u0027s Internet presence -- or at least DNS -- is available only\n   intermittently. Most emails bounced. Lost contact with vendor, but\n   did confirm that development lead is now on holiday and will not\n   return for at least a week. \n\n   Initial vendor reaction was to recommend purchase of \"3-series\"\n   switches. Vendor did not offer reasons why \"3-series\" switches would\n   be more secure, apart from lack of telnet service. Vendor confirmed\n   that no development time can be allocated to securing \"2-series\"\n   product and all focus has shifted to newer products. \n\n   (TL-SG2008 first product availability July 2014...)\n\n   Vendor deeply confused about security of DES/3DES, MD5, claimed that\n   all security is relative. (\"...[E]ven SHA-1 can be cracked, they just\n   have different security level.\")\n\nFix availability:\n   None. \n\nWork-arounds advised:\n   None possible. Remove products from network. R7-0034: VxWorks WDB Agent Debug Service Exposure\nAugust 2, 2010\n\n-- Rapid7 Customer Protection:\nRapid7 NeXpose customers have access to a vulnerability check for this\nflaw as of the latest update. More information about this check can be\nfound online at:\n\n http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed\n\n-- Vulnerability Details:\nThis vulnerability allows remote attackers to read memory, write memory,\nexecute code, and ultimately take complete control of the affected\ndevice. This issue affects over 100 different vendors and a multitude of\nproducts, both shipping and end-of-life. A spreadsheet of identified\nproducts affected by this flaw can be found at the URL below. This index\nis not comprehensive and not all devices found are still supported. \n\n http://www.metasploit.com/data/confs/bsideslv2010/VxWorksDevices.xls\n\nThis flaw occurs due to an insecure setting in the configuration file of\nthe manufacturer\u0027s source code. This setting results in a system- debug\nservice being exposed on UDP port 17185. More information about this issue can be found\nat the Metasploit blog:\n\n http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\n\n-- Vendor Response:\nWind River Systems has notified their customers of the issue and\nindicated that the WDB agent should be disabled for production builds. \nCERT has notified every vendor with an identified, shipping product\ncontaining this vulnerability. Responses for each specific vendor can be\nfound in the CERT advisory:\n\n http://www.kb.cert.org/vuls/id/362332\n\n-- Disclosure Timeline:\n2010-06-02 - Vulnerability reported to CERT for vendor notification\n2010-08-02 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability had been discovered in specific devices in multiple\ninstances, first by Bennett Todd in 2002 and then Shawn Merdinger in\n2005. A comprehensive analysis of all affected devices was conducted by\nHD Moore in 2010. \n\n-- About Rapid7 Security\nRapid7 provides vulnerability management, compliance and penetration\ntesting solutions for Web application, network and database security. In\naddition to developing the NeXpose Vulnerability Management system,\nRapid7 manages the Metasploit Project and is the primary sponsor of the\nW3AF web assessment tool. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.rapid7.com/disclosure.jsp\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-2967"
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005614"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3889"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "0183e958-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
          },
          {
            "db": "PACKETSTORM",
            "id": "128512"
          },
          {
            "db": "PACKETSTORM",
            "id": "92448"
          }
        ],
        "trust": 5.04
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/362332",
            "trust": 0.8,
            "type": "unknown"
          },
          {
            "reference": "https://www.kb.cert.org/vuls/id/840249",
            "trust": 0.8,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-2967",
            "trust": 3.5
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-10-214-01",
            "trust": 1.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332",
            "trust": 1.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3889",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-031",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005614",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "42114",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "BAB59964-1FB2-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "0183E958-2356-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D72F2C0-463F-11E9-98F5-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D753CB1-463F-11E9-876D-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "128512",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "92448",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "0183e958-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3889"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "PACKETSTORM",
            "id": "128512"
          },
          {
            "db": "PACKETSTORM",
            "id": "92448"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005614"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2967"
          }
        ]
      },
      "id": "VAR-201008-1004",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "0183e958-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3889"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          }
        ],
        "trust": 2.50988144
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.4
          },
          {
            "category": [
              "IoT",
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "0183e958-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
          },
          {
            "db": "IVD",
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3889"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          }
        ]
      },
      "last_update_date": "2026-03-09T20:16:07.120000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.windriver.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005614"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-310",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005614"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2967"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033709"
          },
          {
            "trust": 2.4,
            "url": "http://www.kb.cert.org/vuls/id/840249"
          },
          {
            "trust": 2.3,
            "url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
          },
          {
            "trust": 1.6,
            "url": "https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities"
          },
          {
            "trust": 1.6,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-214-01_vxworks_vulnerabilities.pdf"
          },
          {
            "trust": 1.6,
            "url": "http://blogs.windriver.com/chauhan/2010/08/vxworks-secure.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.kb.cert.org/vuls/id/mapg-863qh9"
          },
          {
            "trust": 0.8,
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml"
          },
          {
            "trust": 0.8,
            "url": "http://seclists.org/vuln-dev/2002/may/179"
          },
          {
            "trust": 0.8,
            "url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033708"
          },
          {
            "trust": 0.8,
            "url": "http://thesauceofutterpwnage.blogspot.com/2010/08/metasploit-vxworks-wdb-agent-attack.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/215.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/505.html"
          },
          {
            "trust": 0.8,
            "url": "http://newsoft-tech.blogspot.com/2010/09/follow-up-on-vxworks-issue.html"
          },
          {
            "trust": 0.8,
            "url": "http://cvk.posterous.com/how-to-crack-vxworks-password-hashes"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/327.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/916.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2967"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2967"
          },
          {
            "trust": 0.6,
            "url": "http://www.kb.cert.org/vuls/id/362332http"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2966"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0713"
          },
          {
            "trust": 0.1,
            "url": "http://tp-link.com)"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0715"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2967"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2476"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0712"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0711"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0714"
          },
          {
            "trust": 0.1,
            "url": "http://www.rapid7.com/disclosure.jsp"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/362332"
          },
          {
            "trust": 0.1,
            "url": "http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed"
          },
          {
            "trust": 0.1,
            "url": "http://www.metasploit.com/data/confs/bsideslv2010/vxworksdevices.xls"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#362332"
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3889"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489"
          },
          {
            "db": "PACKETSTORM",
            "id": "128512"
          },
          {
            "db": "PACKETSTORM",
            "id": "92448"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005614"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2967"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "0183e958-2356-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
            "ident": null
          },
          {
            "db": "IVD",
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#362332",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#840249",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3889",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "128512",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "92448",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-031",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-005614",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2010-2967",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2010-08-03T00:00:00",
            "db": "IVD",
            "id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "IVD",
            "id": "0183e958-2356-11e6-abef-000c29c66e3d",
            "ident": null
          },
          {
            "date": "2010-08-03T00:00:00",
            "db": "IVD",
            "id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "IVD",
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1",
            "ident": null
          },
          {
            "date": "2010-08-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#362332",
            "ident": null
          },
          {
            "date": "2010-08-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#840249",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3889",
            "ident": null
          },
          {
            "date": "2010-08-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "ident": null
          },
          {
            "date": "2014-10-01T10:11:11",
            "db": "PACKETSTORM",
            "id": "128512",
            "ident": null
          },
          {
            "date": "2010-08-03T17:02:02",
            "db": "PACKETSTORM",
            "id": "92448",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201008-031",
            "ident": null
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-005614",
            "ident": null
          },
          {
            "date": "2010-08-05T13:22:29.857000",
            "db": "NVD",
            "id": "CVE-2010-2967",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-09-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#362332",
            "ident": null
          },
          {
            "date": "2014-06-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#840249",
            "ident": null
          },
          {
            "date": "2010-08-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-3889",
            "ident": null
          },
          {
            "date": "2010-08-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2010-1489",
            "ident": null
          },
          {
            "date": "2010-08-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201008-031",
            "ident": null
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-005614",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2010-2967",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-031"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Wind River VxWorks loginDefaultEncrypt Algorithm encryption problem vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "0183e958-2356-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d753cb1-463f-11e9-876d-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2010-3889"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-031"
          }
        ],
        "trust": 1.6
      },
      "type": {
        "_id": null,
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201008-031"
          }
        ],
        "trust": 0.6
      }
    }