VxWorks WDB Debug Service Detection

critical Nessus Plugin ID 48264

Language:

Synopsis

Arbitrary commands can be run on this port.

Description

A VxWorks WDB Debug Agent is running on this host.

Using this service, it is possible to read or write any memory zone or execute arbitrary code on the host. An attacker can use this flaw to take complete control of the affected device.

Solution

Disable the debug agent or contact the device's vendor for a patch.

Plugin Details

Severity: Critical

ID: 48264

File Name: wdb_agent_detect.nasl

Version: 1.19

Type: remote

Family: RPC

Published: 8/6/2010

Updated: 6/1/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:windriver:vxworks

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/2/2010

Reference Information

CVE: CVE-2010-2965

BID: 42158

CERT: 362332

ICSA: 10-214-01

Detections

Analytics