Wind River VxWorks TCP Predictability Vulnerability

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote VxWorks device is potentially affected by a TCP
predictability vulnerability.

Description :

According to its self-reported version, the Wind River VxWorks remote
device is potentially affected by a TCP predictability vulnerability
that allows a man-in-the-middle attacker to predict the TCP initial
sequence numbers based on previous values. This can exploited to spoof
or disrupt TCP connections, or to gain access to sensitive
information.

Note that Nessus has not checked for the presence of the patch so this
finding may be a false positive.

Solution :

Contact the device vendor for the appropriate patch.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 84399 ()

Bugtraq ID: 75302

CVE ID: CVE-2015-3963

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now