Article ID: 13278
SecureStack C3, C2, B3, B2, A2
On August 2 2010, US-CERT issued advisory http://www.kb.cert.org/vuls/id/362332
The advisory overview...Some products based on [Wind River] VxWorks have the WDB
target agent debug service enabled by default. This service
provides read/write access to the device's memory and
allows functions to be called.[/code]The advisory impact...An attacker can use the debug service to fully compromise
the device.[/code]The advisory lists a number of affected vendors, including Enterasys Networks.
If within the advisory the hyperlinked Enterasys Networks
Information still reads "No statement is currently available from the vendor regarding this vulnerability.", then please refer to this statement
(.pdf, 240 KB) submitted to US-CERT on August 27 2010.