Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2015-7599

Published: 07/02/2017 Updated: 16/11/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Vxworks

Vulnerability Summary

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 up to and including 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a username and password.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

windriver vxworks 6.4

windriver vxworks 5.5

windriver vxworks 6.8

windriver vxworks 6.9

windriver vxworks

windriver vxworks 6.7

Github Repositories

https://github.com/xjforfuture/isf

工业

Industrial Exploitation Framework ISF(Industrial Exploitation Framework) is a exploitation framework based on Python, it's similar to metasploit framework ISF is based on open source project routersploit Read this in other languages: English, 简体中文, ICS Protocol Clients Name Path Description modbus_tcp_client icssploit/clients/modbus_tcp_clientpy Modbus-TC

https://github.com/67626d/ICS

安全工具/代码/ICS安全漏洞利用框架

Industrial Exploitation Framework ISF(Industrial Exploitation Framework) is a exploitation framework based on Python, it's similar to metasploit framework ISF is based on open source project routersploit Read this in other languages: English, 简体中文, ICS Protocol Clients Name Path Description modbus_tcp_client icssploit/clients/modbus_tcp_clientpy Modbus-TC

https://github.com/dark-lbp/isf

ISF(Industrial Control System Exploitation Framework),a exploitation framework based on Python

Industrial Exploitation Framework ISF(Industrial Exploitation Framework) is a exploitation framework based on Python, it's similar to metasploit framework ISF is based on open source project routersploit Read this in other languages: English, 简体中文, Disclaimer Usage of ISF for attacking targets without prior mutual consent is illegal It is the end user's res

References

CWE-190https://www.syscan360.org/slides/2015_EN_AttackingVxWorksFromstoneagetointerstellar_Eric_Yannick.pdfhttps://kb.netapp.com/support/s/article/cve-2015-7599-vxworks-vulnerability-impacting-netapp-e-series-products?language=en_UShttp://blogs.windriver.com/wind_river_blog/2015/09/wind-river-vxworks-updateclarification.htmlhttp://www.securityfocus.com/bid/79205https://security.netapp.com/advisory/ntap-20151029-0001/https://nvd.nist.govhttps://github.com/xjforfuture/isf
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook