CVE-2022-23937 HIGH

Published: 2022-03-29 | Last Modified: 2024-11-21 | Status: Modified

Description

In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.

Additional Descriptions (1)

En Wind River VxWorks versiones 6.9 y 7, un paquete diseñado específico puede provocar una lectura fuera de límites durante un escenario de intercambio inicial de IKE

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-125

Affected Products

Vendor	Product	Version	Update	Type
windriver	vxworks	6.9	<built-in method update of dict object at 0x72a9b0aad7c0>	Operating System
windriver	vxworks	7.0	<built-in method update of dict object at 0x72a9b0aac400>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:windriver:vxworks:6.9:::::::*`
Yes	`cpe:2.3:o:windriver:vxworks:7.0:::::::*`

References

https://support2.windriver.com/index.php?page=cve&pg=21#list
Source: [email protected]

Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices
Source: [email protected]

Vendor Advisory
https://support2.windriver.com/index.php?page=cve&pg=21#list
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory