Wind River VxWorks < 7 Build 21.03 DoS

medium Nessus Plugin ID 155732

Synopsis

The remote VxWorks device is potentially affected by a denial of service vulnerability.

Description

According to its self-reported version, the remote device is Wind River VxWorks 7 and is affected by a denial of service vulnerability due to a buffer over-read in IKE. An unauthenticated, remote attacker can exploit this by sending a specially crafted IKE packet to cause IKE and services dependent on IKE to stop working.

Note that Nessus has not tested for this issue but has instead relied only on the OS version.

Solution

Contact the device vendor to obtain the appropriate update.

See Also

http://www.nessus.org/u?df55bf91

Plugin Details

Severity: Medium

ID: 155732

File Name: vxworks_cve-2021-29997.nasl

Version: 1.2

Type: remote

Family: Misc.

Published: 11/30/2021

Updated: 12/1/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-29997

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:windriver:vxworks

Required KB Items: Host/VxWorks

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2021

Vulnerability Publication Date: 4/13/2021

Reference Information

CVE: CVE-2021-29997

IAVA: 2021-A-0504