nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.VXWORKS_CVE-2015-3963.NASL
HistoryJun 25, 2015 - 12:00 a.m.

Wind River VxWorks TCP Predictability Vulnerability

2015-06-2500:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
116

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.024 Low

EPSS

Percentile

89.9%

According to its self-reported version, the Wind River VxWorks remote device is potentially affected by a TCP predictability vulnerability that allows a man-in-the-middle attacker to predict the TCP initial sequence numbers based on previous values. This can be exploited to spoof or disrupt TCP connections, or to gain access to sensitive information.

Note that Nessus has not checked for the presence of the patch so this finding may be a false positive.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Description mode: this block only registers the plugin's metadata
# (identifiers, advisory references, scoring, dependencies) and then exits;
# the detection logic further down is not reached from here.
if (description)
{
  script_id(84399);
  script_version("1.7");
  script_cvs_date("Date: 2019/08/05  9:28:46");

  # Advisory cross-references for the finding (CVE, Bugtraq, ICS advisory,
  # CERT note).
  script_cve_id("CVE-2015-3963");
  script_bugtraq_id(75302);
  script_xref(name:"ICSA", value:"15-169-01");
  script_xref(name:"CERT", value:"498440");

  script_name(english:"Wind River VxWorks TCP Predictability Vulnerability");
  # The check is a version inference from the recorded OS fingerprint; the
  # script does not examine TCP sequence numbers itself.
  script_summary(english:"Checks the OS fingerprint.");

 script_set_attribute(attribute:"synopsis", value:
"The remote VxWorks device is potentially affected by a TCP
predictability vulnerability.");
 script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Wind River VxWorks remote
device is potentially affected by a TCP predictability vulnerability
that allows a man-in-the-middle attacker to predict the TCP initial
sequence numbers based on previous values. This can exploited to spoof
or disrupt TCP connections, or to gain access to sensitive
information.

Note that Nessus has not checked for the presence of the patch so this
finding may be a false positive.");
  script_set_attribute(attribute:"solution", value:"Contact the device vendor for the appropriate patch.");
  # NOTE(review): the score panel published alongside this plugin lists
  # AV:N/AC:M/Au:N/C:N/I:P/A:P, whereas the vector set here puts the partial
  # impact on confidentiality (C:P/I:N/A:P). Confirm which impact split is
  # intended before relying on it for prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/25");

  # Flags the result as unconfirmed, matching the description's statement
  # that the presence of the patch is not checked.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:windriver:vxworks");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The plugin consumes the Host/OS KB entry produced by os_fingerprint.nasl
  # and also requires Settings/ParanoidReport, so it is skipped unless both
  # keys exist. Presumably the latter is only present on scans configured
  # for paranoid reporting - confirm against the scanner settings.
  script_dependencies("os_fingerprint.nasl");
  script_require_keys("Settings/ParanoidReport", "Host/OS");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Pull the OS string from the KB (Host/OS); the script ends here when the key
# is absent. The value is a fingerprint result, not something verified on the
# device, so everything derived from it is a best-effort inference.
host_os = get_kb_item_or_exit("Host/OS");
if ("VxWorks" >!< host_os)
  audit(AUDIT_OS_NOT, "VxWorks");

# Extract the dotted version that follows the product name.
# NOTE(review): only the first "VxWorks <digits>" occurrence is used; if the
# fingerprint can carry several candidates, confirm that the first one is the
# right one to judge.
ver_match = pregmatch(pattern:"VxWorks ([0-9][0-9.]*)", string:host_os);
if (isnull(ver_match))
  exit(1, "Failed to identify the version of VxWorks.");
version = ver_match[1];

# A version-only match cannot confirm the patch level, so the finding is
# reserved for scans with report_paranoia of 2 or higher. This check runs
# after version parsing, so an unparsable fingerprint exits with the error
# above regardless of the paranoia level.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

# Map the fingerprinted release branch to the first fixed release ('fix')
# and, where the advisory names one, the patch that must be installed
# ('patch'). Branches are tested in order and the first match wins.
# A version that matches no branch (6.0 through 6.4) leaves 'fix' NULL,
# which the reporting code below treats as not affected.
fix = NULL;
patch = NULL;

# Version 7, released prior to February 13, 2015.
# The fix depends on a component patch that cannot be detected remotely, so
# 'patch' is set and the later '<=' comparison also flags a version equal to
# 'fix' (assumes ver_compare treats "7" and "7.0" as equal when
# strict:FALSE - TODO confirm).
if (version =~ "^7($|\.)")
{
  fix = "7.0";
  patch = "ipnet_coreip 1.2.2.0";
}
# Version 6.9 releases prior to Version 6.9.4.4
else if (version =~ "^6\.9($|\.)")
{
  fix = "6.9.4.4";
}
# Version 6.8 releases prior to Version 6.8.3
else if (version =~ "^6\.8($|\.)")
{
  fix = "6.8.3";
}
# Version 6.7 releases prior to Version 6.7.1.1
else if (version =~ "^6\.7($|\.)")
{
  fix = "6.7.1.1";
}
# Version 6.6 and prior versions, but NOT to include Version 5.5.1
# with PNE2.2 and Version 6.0 through Version 6.4.
# 6.5.x and 6.6.x have no fixed release of their own here: 'fix' points at
# 6.7.1.1, which is above any 6.5/6.6 version, so they are always reported.
else if (version =~ "^6\.[56]($|\.)")
{
  fix = "6.7.1.1";
}
# Exactly 5.5.1: only safe with PNE2.2, which is not checked. 'fix' equals
# the version itself and 'patch' is set, so the host is reported together
# with the patch caveat. A longer string such as 5.5.1.x does not match this
# anchored pattern and falls through to the branch below instead.
else if (version =~ "^5\.5\.1$")
{
  fix = "5.5.1";
  patch = "PNE2.2";
}
# Everything else older than 6.0 (assumes ver_compare returns a negative
# value when 'ver' is lower than 'fix').
else if (ver_compare(ver:version, fix:"6.0", strict:FALSE) < 0)
{
  fix = "6.7.1.1";
}

# Decide whether the fingerprinted version falls in an affected range.
# Without a patch requirement the version must be strictly below 'fix'; with
# one, a version equal to 'fix' is reported as well because the patch itself
# cannot be verified remotely.
affected = FALSE;
if (!isnull(fix))
{
  cmp_result = ver_compare(ver:version, fix:fix, strict:FALSE);
  if (cmp_result < 0)
    affected = TRUE;
  else if (!isnull(patch) && cmp_result <= 0)
    affected = TRUE;
}

if (!affected)
{
  audit(AUDIT_OS_RELEASE_NOT, "VxWorks", version);
}
else
{
  if (report_verbosity > 0)
  {
    # Host-level finding (port 0) with the detected and fixed versions.
    report = '\n    Version       : ' + version;
    report += '\n    Fixed Version : ' + fix;
    report += '\n';

    if (!isnull(patch))
    {
      # Name the required patch and remind the reader that its presence was
      # not verified, so the result may be a false positive.
      report += '    Patch         : ' + patch;
      report += '\n';
      report += '\nNote that Nessus has not checked for the presence';
      report += '\nof the patch so this finding may be a false positive.';
      report += '\n';
    }

    security_warning(port:0, extra:report);
  }
  else
  {
    security_warning(0);
  }
}
Vendor | Product | Version | CPE
windriver | vxworks | (none listed) | cpe:/o:windriver:vxworks

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.024 Low

EPSS

Percentile

89.9%
