Article ID: 13278
Products
I-Series
G-Series
D-Series
SecureStack C3, C2, B3, B2, A2
RBT3K-AG, RBT3K-1G
RBTR2-A
Discussion
On August 2 2010, US-CERT issued advisory
http://www.kb.cert.org/vuls/id/362332.
The advisory overview...Some products based on [Wind River] VxWorks have the WDB
target agent debug service enabled by default. This service
provides read/write access to the device's memory and
allows functions to be called.The advisory impact...An attacker can use the debug service to fully compromise
the device.The advisory lists a number of affected vendors, including Enterasys Networks.
If within the advisory the hyperlinked
Enterasys Networks Information still reads "No statement is currently available from the vendor regarding this vulnerability.", then please refer to
this statement (.pdf, 240 KB) submitted to US-CERT on August 27 2010.
