PT-2015-6362 · Wind River · Vxworks
David Formby
+2
·
Published
2015-08-04
·
Updated
2021-07-22
·
CVE-2015-3963
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Wind River VxWorks versions prior to 5.5.1
Wind River VxWorks versions 6.5.x through 6.7.x before 6.7.1.1
Wind River VxWorks versions 6.8.x before 6.8.3
Wind River VxWorks versions 6.9.x before 6.9.4.4
Wind River VxWorks versions 7.x before 7
Description
The issue is related to the improper generation of TCP initial sequence number (ISN) values, making it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
Recommendations
For versions prior to 5.5.1, update to version 5.5.1 or later.
For versions 6.5.x through 6.7.x, update to version 6.7.1.1 or later.
For versions 6.8.x, update to version 6.8.3 or later.
For versions 6.9.x, update to version 6.9.4.4 or later.
For versions 7.x, update to a version later than 7.
Fix
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vxworks