5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.001 Low
EPSS
Percentile
42.6%
According to its self-reported version, the remote device is Wind River VxWorks 7 and it’s affected by a denial of service vulnerability due to a buffer over-read on IKE. An unauthenticated, remote attacer can exploit this, by sending a specially crafted IKE packet, to cause IKE and services dependant on IKE to stop working.
Note that Nessus has not tested for this issue but has instead relied only on the OS version.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(155732);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/12/01");
script_cve_id("CVE-2021-29997");
script_xref(name:"IAVA", value:"2021-A-0504");
script_name(english:"Wind River VxWorks < 7 Build 21.03 DoS");
script_set_attribute(attribute:"synopsis", value:
"The remote VxWorks device is potentially affected by a denial of service vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the remote device is Wind River VxWorks 7 and it's affected by a denial of
service vulnerability due to a buffer over-read on IKE. An unauthenticated, remote attacer can exploit this, by sending
a specially crafted IKE packet, to cause IKE and services dependant on IKE to stop working.
Note that Nessus has not tested for this issue but has instead relied only on the OS version.");
# https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-29997
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?df55bf91");
script_set_attribute(attribute:"solution", value:
"Contact the device vendor to obtain the appropriate update.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-29997");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/13");
script_set_attribute(attribute:"patch_publication_date", value:"2021/04/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/30");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:windriver:vxworks");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("windriver_vxworks_rtos_detect.nbin");
script_require_keys("Host/VxWorks");
exit(0);
}
get_kb_item_or_exit('Host/VxWorks');
var version = get_kb_item('Host/VxWorks/version');
if (empty_or_null(version))
version = 'unknown';
# Only 7.x is vulnerable, but still report if unknown and paranoid
var vuln = (version == 'unknown' && report_paranoia >= 2) || version =~ "^7([^0-9]|$)";
# Cannot determine the "21.03" part of the version, so only report if paranoid
if (vuln)
{
if (report_paranoia >= 2)
{
var report =
'\n Version : ' + version +
'\n Fixed Version : See vendor advisory' +
'\n';
security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);
}
else
{
audit(AUDIT_POTENTIAL_VULN, 'VxWorks');
}
}
else if (version == 'unknown') audit(AUDIT_POTENTIAL_VULN, 'VxWorks');
else audit(AUDIT_OS_RELEASE_NOT, 'VxWorks', version);
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0.001 Low
EPSS
Percentile
42.6%