Enterasys Response to US-CERT Vulnerability Advisory VU#362332

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 13278 

Products
I-Series
G-Series
D-Series
SecureStack C3, C2, B3, B2, A2
RBT3K-AG, RBT3K-1G
RBTR2-A 

Discussion
On August 2 2010, US-CERT issued advisory http://www.kb.cert.org/vuls/id/362332

The advisory overview...
Some products based on [Wind River] VxWorks have the WDB
target agent debug service enabled by default. This service
provides read/write access to the device's memory and
allows functions to be called.
The advisory impact...
An attacker can use the debug service to fully compromise
the device.
The advisory lists a number of affected vendors, including Enterasys Networks. 

If within the advisory the hyperlinked Enterasys Networks Information still reads "No statement is currently available from the vendor regarding this vulnerability.", then please refer to this statement (.pdf, 240 KB) submitted to US-CERT on August 27 2010.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.