ID

VAR-201303-0233


CVE

CVE-2013-0712


TITLE

VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-000019

DESCRIPTION

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet. The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing directly after the SSH connection is established. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. SSH access may become unavailable until the next reboot when receiving a specially crafted packet after an SSH connection is established. VxWorks is an embedded real-time operating system. An attacker can pass a specially crafted packet, causing a denial of service. VxWorks is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause denial-of-service conditions for legitimate users. VxWorks 6.5 through 6.9 are vulnerable; other versions may also be affected.
Vendor affected: TP-Link (http://tp-link.com)

Products affected:
* All TP-Link VxWorks-based devices (confirmed by vendor)
* All "2-series" switches (confirmed by vendor)
* TL-SG2008 semi-managed switch (confirmed by vendor)
* TL-SG2216 semi-managed switch (confirmed by vendor)
* TL-SG2424 semi-managed switch (confirmed by vendor)
* TL-SG2424P semi-managed switch (confirmed by vendor)
* TL-SG2452 semi-managed switch (confirmed by vendor)

Vulnerabilities:
* All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least:
  * CVE-2013-0716 (confirmed by vendor)
  * CVE-2013-0715 (confirmed by vendor)
  * CVE-2013-0714 (confirmed by vendor)
  * CVE-2013-0713 (confirmed by vendor)
  * CVE-2013-0712 (confirmed by vendor)
  * CVE-2013-0711 (confirmed by vendor)
  * CVE-2010-2967 (confirmed by vendor)
  * CVE-2010-2966 (confirmed by vendor)
  * CVE-2008-2476 (confirmed by vendor)
* SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor)
* SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor)

Design flaws:
* Telnet is available and cannot be disabled (confirmed by vendor)
* SSHv1 enabled by default if SSH is enabled (confirmed by vendor)

Vendor response: TP-Link are not convinced that these flaws should be repaired. TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week. Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products. (TL-SG2008 first product availability July 2014...) Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.")

Fix availability: None.

Work-arounds advised: None possible. Remove products from network

Trust: 2.7

sources: NVD: CVE-2013-0712 // JVNDB: JVNDB-2013-000019 // CNVD: CNVD-2013-01997 // BID: 58643 // IVD: 097d99c2-2353-11e6-abef-000c29c66e3d // PACKETSTORM: 128512

IOT TAXONOMY

category: ['IoT', 'ICS'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 097d99c2-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01997

AFFECTED PRODUCTS

vendor: windriver, model: vxworks, scope: eq, version: 6.9

Trust: 1.6

vendor: windriver, model: vxworks, scope: eq, version: 6.7

Trust: 1.6

vendor: windriver, model: vxworks, scope: eq, version: 6.8

Trust: 1.6

vendor: windriver, model: vxworks, scope: eq, version: 6.6

Trust: 1.6

vendor: windriver, model: vxworks, scope: eq, version: 6.5

Trust: 1.6

vendor: wind river, model: vxworks, scope: eq, version: 6.5 through 6.9

Trust: 0.8

vendor: wind, model: river systems vxworks through, scope: eq, version: 6.56.9

Trust: 0.6

vendor: vxworks, model: -, scope: eq, version: 6.5

Trust: 0.2

vendor: vxworks, model: -, scope: eq, version: 6.6

Trust: 0.2

vendor: vxworks, model: -, scope: eq, version: 6.7

Trust: 0.2

vendor: vxworks, model: -, scope: eq, version: 6.8

Trust: 0.2

vendor: vxworks, model: -, scope: eq, version: 6.9

Trust: 0.2

sources: IVD: 097d99c2-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01997 // JVNDB: JVNDB-2013-000019 // CNNVD: CNNVD-201303-406 // NVD: CVE-2013-0712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0712
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2013-000019
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-01997
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201303-406
value: MEDIUM

Trust: 0.6

IVD: 097d99c2-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2013-0712
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2013-000019
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-01997
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 097d99c2-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 097d99c2-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01997 // JVNDB: JVNDB-2013-000019 // CNNVD: CNNVD-201303-406 // NVD: CVE-2013-0712

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2013-0712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-406

TYPE

Input validation

Trust: 0.8

sources: IVD: 097d99c2-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-406

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-000019

PATCH

title: Information from Wind River Systems, url: http://jvn.jp/en/jp/JVN01611135/995359/index.html

Trust: 0.8

title: Patch for VxWorks SSH server (IPSSH) Denial of Service Vulnerability (CNVD-2013-01997), url: https://www.cnvd.org.cn/patchInfo/show/32970

Trust: 0.6

sources: CNVD: CNVD-2013-01997 // JVNDB: JVNDB-2013-000019

EXTERNAL IDS

db: NVD, id: CVE-2013-0712

Trust: 3.6

db: JVNDB, id: JVNDB-2013-000019

Trust: 3.3

db: JVN, id: JVN01611135

Trust: 2.7

db: CNVD, id: CNVD-2013-01997

Trust: 0.8

db: CNNVD, id: CNNVD-201303-406

Trust: 0.8

db: JVN, id: JVN#01611135

Trust: 0.6

db: ICS CERT, id: ICSA-13-091-01

Trust: 0.3

db: BID, id: 58643

Trust: 0.3

db: IVD, id: 097D99C2-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: PACKETSTORM, id: 128512

Trust: 0.1

sources: IVD: 097d99c2-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-01997 // BID: 58643 // JVNDB: JVNDB-2013-000019 // PACKETSTORM: 128512 // CNNVD: CNNVD-201303-406 // NVD: CVE-2013-0712

REFERENCES

url:http://jvn.jp/en/jp/jvn01611135/index.html

Trust: 2.7

url:http://jvndb.jvn.jp/jvndb/jvndb-2013-000019

Trust: 1.6

url:http://jvn.jp/en/jp/jvn01611135/995359/index.html

Trust: 1.6

url:http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000019.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0712

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0712

Trust: 0.8

url:http://www.windriver.com/

Trust: 0.3

url:http://www.windriver.com/products/vxworks.html

Trust: 0.3

url:http://ics-cert.us-cert.gov/pdf/icsa-13-091-01.pdf

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-2966

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0713

Trust: 0.1

url:http://tp-link.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0715

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2967

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2476

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0714

Trust: 0.1

sources: CNVD: CNVD-2013-01997 // BID: 58643 // JVNDB: JVNDB-2013-000019 // PACKETSTORM: 128512 // CNNVD: CNNVD-201303-406 // NVD: CVE-2013-0712

CREDITS

Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd.

Trust: 0.3

sources: BID: 58643

SOURCES

db: IVD, id: 097d99c2-2353-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-01997
db: BID, id: 58643
db: JVNDB, id: JVNDB-2013-000019
db: PACKETSTORM, id: 128512
db: CNNVD, id: CNNVD-201303-406
db: NVD, id: CVE-2013-0712

LAST UPDATE DATE

2024-11-23T21:25:25.278000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-01997, date: 2013-03-25T00:00:00
db: BID, id: 58643, date: 2015-03-19T09:15:00
db: JVNDB, id: JVNDB-2013-000019, date: 2013-06-25T00:00:00
db: CNNVD, id: CNNVD-201303-406, date: 2013-03-21T00:00:00
db: NVD, id: CVE-2013-0712, date: 2024-11-21T01:48:02.950

SOURCES RELEASE DATE

db: IVD, id: 097d99c2-2353-11e6-abef-000c29c66e3d, date: 2013-03-25T00:00:00
db: CNVD, id: CNVD-2013-01997, date: 2013-03-25T00:00:00
db: BID, id: 58643, date: 2013-03-18T00:00:00
db: JVNDB, id: JVNDB-2013-000019, date: 2013-03-18T00:00:00
db: PACKETSTORM, id: 128512, date: 2014-10-01T10:11:11
db: CNNVD, id: CNNVD-201303-406, date: 2013-03-21T00:00:00
db: NVD, id: CVE-2013-0712, date: 2013-03-20T18:55:01.727