PT-2015-6362 · Wind River · Vxworks
David Formby
+2
·
Publicado
2015-08-04
·
Atualizado
2021-07-22
·
CVE-2015-3963
CVSS v2.0
5.8
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Wind River VxWorks versions prior to 5.5.1
Wind River VxWorks versions 6.5.x through 6.7.x before 6.7.1.1
Wind River VxWorks versions 6.8.x before 6.8.3
Wind River VxWorks versions 6.9.x before 6.9.4.4
Wind River VxWorks versions 7.x before 7
Description
The issue is related to the improper generation of TCP initial sequence number (ISN) values, making it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
Recommendations
For versions prior to 5.5.1, update to version 5.5.1 or later.
For versions 6.5.x through 6.7.x, update to version 6.7.1.1 or later.
For versions 6.8.x, update to version 6.8.3 or later.
For versions 6.9.x, update to version 6.9.4.4 or later.
For versions 7.x, update to a version later than 7.
Correção
Use of Insufficiently Random Values
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Vxworks