VxWorks WDB Debug Service Detection

Critical Nessus Plugin ID 48264

Synopsis

Arbitrary commands can be run on this port.

Description

A VxWorks WDB Debug Agent is running on this host.

Using this service, it is possible to read or write any memory zone or execute arbitrary code on the host. An attacker can use this flaw to take complete control of the affected device.

Solution

Disable the debug agent or contact the device's vendor for a patch.

Plugin Details

Severity: Critical

ID: 48264

File Name: wdb_agent_detect.nasl

Version: $Revision: 1.13 $

Type: remote

Family: RPC

Published: 2010/08/06

Modified: 2015/01/13

Dependencies: 11111

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2010/08/02

Reference Information

CVE: CVE-2010-2965

BID: 42158

CERT: 362332

ICSA: 10-214-01