Wind River VxWorks < 7 Build 21.03 DoS

medium Nessus Plugin ID 155732


The remote VxWorks device is potentially affected by a denial of service vulnerability.


According to its self-reported version, the remote device is Wind River VxWorks 7 and it's affected by a denial of service vulnerability due to a buffer over-read on IKE. An unauthenticated, remote attacer can exploit this, by sending a specially crafted IKE packet, to cause IKE and services dependant on IKE to stop working.

Note that Nessus has not tested for this issue but has instead relied only on the OS version.


Contact the device vendor to obtain the appropriate update.

See Also

Plugin Details

Severity: Medium

ID: 155732

File Name: vxworks_cve-2021-29997.nasl

Version: 1.2

Type: remote

Family: Misc.

Published: 11/30/2021

Updated: 12/1/2021

Risk Information


Risk Factor: Low

Score: 1.4


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-29997


Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:windriver:vxworks

Required KB Items: Host/VxWorks

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2021

Vulnerability Publication Date: 4/13/2021

Reference Information

CVE: CVE-2021-29997

IAVA: 2021-A-0504