topic Enterasys Response to US-CERT Vulnerability Advisory VU#362332 in FAQs https://community.extremenetworks.com/t5/faqs/enterasys-response-to-us-cert-vulnerability-advisory-vu-362332/m-p/44064#M230 Article ID: 13278 <BR /> <BR /> <B>Products</B><BR /> I-Series<BR /> G-Series<BR /> D-Series<BR /> SecureStack C3, C2, B3, B2, A2<BR /> RBT3K-AG, RBT3K-1G<BR /> RBTR2-A <BR /> <BR /> <B>Discussion</B><BR /> On August 2 2010, US-CERT issued advisory <A href="http://www.kb.cert.org/vuls/id/362332" target="_blank" rel="nofollow noreferrer noopener">http://www.kb.cert.org/vuls/id/362332</A>. <BR /> <BR /> The advisory overview...Some products based on [Wind River] VxWorks have the WDB<BR /> target agent debug service enabled by default. This service<BR /> provides read/write access to the device's memory and<BR /> allows functions to be called.The advisory impact...An attacker can use the debug service to fully compromise<BR /> the device.The advisory lists a number of affected vendors, including Enterasys Networks. <BR /> <BR /> If within the advisory the hyperlinked <A href="http://www.kb.cert.org/vuls/id/MAPG-86JRWV" target="_blank" rel="nofollow noreferrer noopener">Enterasys Networks</A> Information still reads "No statement is currently available from the vendor regarding this vulnerability.", then please refer to <A href="https://extremenetworks.box.com/shared/static/33it0dtlo8oa60r08uhn.pdf" target="_blank" rel="nofollow noreferrer noopener">this statement</A> (.pdf, 240 KB) submitted to US-CERT on August 27 2010. Tue, 03 Dec 2013 03:48:00 GMT FAQ_User 2013-12-03T03:48:00Z Enterasys Response to US-CERT Vulnerability Advisory VU#362332 https://community.extremenetworks.com/t5/faqs/enterasys-response-to-us-cert-vulnerability-advisory-vu-362332/m-p/44064#M230 Article ID: 13278 <BR /> <BR /> <B>Products</B><BR /> I-Series<BR /> G-Series<BR /> D-Series<BR /> SecureStack C3, C2, B3, B2, A2<BR /> RBT3K-AG, RBT3K-1G<BR /> RBTR2-A <BR /> <BR /> <B>Discussion</B><BR /> On August 2 2010, US-CERT issued advisory <A href="http://www.kb.cert.org/vuls/id/362332" target="_blank" rel="nofollow noreferrer noopener">http://www.kb.cert.org/vuls/id/362332</A>. <BR /> <BR /> The advisory overview...Some products based on [Wind River] VxWorks have the WDB<BR /> target agent debug service enabled by default. This service<BR /> provides read/write access to the device's memory and<BR /> allows functions to be called.The advisory impact...An attacker can use the debug service to fully compromise<BR /> the device.The advisory lists a number of affected vendors, including Enterasys Networks. <BR /> <BR /> If within the advisory the hyperlinked <A href="http://www.kb.cert.org/vuls/id/MAPG-86JRWV" target="_blank" rel="nofollow noreferrer noopener">Enterasys Networks</A> Information still reads "No statement is currently available from the vendor regarding this vulnerability.", then please refer to <A href="https://extremenetworks.box.com/shared/static/33it0dtlo8oa60r08uhn.pdf" target="_blank" rel="nofollow noreferrer noopener">this statement</A> (.pdf, 240 KB) submitted to US-CERT on August 27 2010. Tue, 03 Dec 2013 03:48:00 GMT https://community.extremenetworks.com/t5/faqs/enterasys-response-to-us-cert-vulnerability-advisory-vu-362332/m-p/44064#M230 FAQ_User 2013-12-03T03:48:00Z