GCVE - cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:windriver:vxworks:6.4:*:*:*:*:*:*:*

part: o version: 6.4 update: *

Vendor	Windriver (`1c9d3e00-99c4-5be7-a4c6-5cc8709ef134`)
Product	Vxworks (`437ab3e0-0513-5f7d-b676-0a34e46c28dc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-7599`	vulnerable	2026-06-08 05:07:01.499365	Details available Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. Published: 2017-02-07T17:00:00.000Z Updated: 2024-08-06T07:51:28.614Z Open on db.gcve.eu Reference links https://security.netapp.com/advisory/ntap-20151029-0001/ https://www.syscan360.org/slides/2015_EN_AttackingVxWorksFromstoneagetointerstellar_Eric_Yannick.pdf http://blogs.windriver.com/wind_river_blog/2015/09/wind-river-vxworks-updateclarification.html http://www.securityfocus.com/bid/79205 https://kb.netapp.com/support/s/article/cve-2015-7599-vxworks-vulnerability-impacting-netapp-e-series-products?language=en_US	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2968`	vulnerable	2026-06-08 04:55:11.867966	Details available The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Published: 2010-08-04T21:00:00.000Z Updated: 2024-09-17T02:27:41.743Z Open on db.gcve.eu Reference links http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2967`	vulnerable	2026-06-08 04:55:11.867599	Details available The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Published: 2010-08-04T21:00:00.000Z Updated: 2024-09-16T16:57:53.586Z Open on db.gcve.eu Reference links https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709 http://www.kb.cert.org/vuls/id/840249 http://www.kb.cert.org/vuls/id/MAPG-863QH9 http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2966`	vulnerable	2026-06-08 04:55:11.867078	Details available The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Published: 2010-08-04T21:00:00.000Z Updated: 2024-09-16T22:50:46.601Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/840249 http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.