PT-2022-6503 · Wind River · VxWorks

Published 2022-11-25 · Updated 2023-03-14 · CVE-2022-38767

CVSS v2.0

7.8 High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Wind River VxWorks versions 6.9 through 7

Description

A specially crafted packet sent by a RADIUS server can cause a Denial of Service during the IP Radius access procedure. The issue is a loop with an unreachable exit condition. By sending such a packet, a remote attacker may cause a Denial of Service.

Recommendations

For Wind River VxWorks versions 6.9 through 7, consider disabling the IP Radius access procedure until a patch is available, to prevent Denial of Service attacks. Restrict access to the RADIUS server to minimize the risk of exploitation. Avoid using the RADIUS protocol in the affected IP Radius access procedure until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Infinite Loop

Related Identifiers

BDU:2023-01788
CVE-2022-38767

Affected Products

VxWorks