PT-2020-12609 · Wind River · Vxworks

Published

2020-07-23

Updated

2021-07-21

CVE-2020-11440

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Wind River VxWorks versions 5.5 through 7 SR0640

Description The issue is related to the httpRpmFs in WebCLI, which has no check for an escape from the web root. This allows for potential unauthorized access.

Recommendations For versions 5.5 through 7 SR0640, consider restricting access to the WebCLI to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-11440

Affected Products

Vxworks

PT-2020-12609 · Wind River · Vxworks

CVE-2020-11440

Related Identifiers

Affected Products

References · 5