Header Only - DO NOT REMOVE - Extreme Networks

Enterasys Response to US-CERT Vulnerability Advisory VU#362332


Userlevel 3
Article ID: 13278

Products
I-Series
G-Series
D-Series
SecureStack C3, C2, B3, B2, A2
RBT3K-AG, RBT3K-1G
RBTR2-A

Discussion
On August 2 2010, US-CERT issued advisory http://www.kb.cert.org/vuls/id/362332.

The advisory overview...Some products based on [Wind River] VxWorks have the WDB
target agent debug service enabled by default. This service
provides read/write access to the device's memory and
allows functions to be called.[/code]The advisory impact...An attacker can use the debug service to fully compromise
the device.[/code]The advisory lists a number of affected vendors, including Enterasys Networks.

If within the advisory the hyperlinked Enterasys Networks Information still reads "No statement is currently available from the vendor regarding this vulnerability.", then please refer to this statement (.pdf, 240 KB) submitted to US-CERT on August 27 2010.

0 replies

Be the first to reply!

Reply