ID

VAR-201303-0235


CVE

CVE-2013-0714


TITLE

VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-000021

DESCRIPTION

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request.

The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing of authentication requests. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. In addition, arbitrary code may be executed on the server.

VxWorks is an embedded real-time operating system. Wind River VxWorks is a set of real-time operating systems for the Internet of Things developed by Wind River. Vulnerabilities exist in IPSSH (aka SSH Server) in Wind River VxWorks 6.5 to 6.9.

VxWorks is prone to a denial-of-service vulnerability. An attacker can exploit this issue to make the affected SSH access unavailable, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed. VxWorks versions 6.5 through 6.9 are vulnerable; other versions may also be affected.

Vendor affected: TP-Link (http://tp-link.com)

Products affected:
* All TP-Link VxWorks-based devices (confirmed by vendor)
* All "2-series" switches (confirmed by vendor)
* TL-SG2008 semi-managed switch (confirmed by vendor)
* TL-SG2216 semi-managed switch (confirmed by vendor)
* TL-SG2424 semi-managed switch (confirmed by vendor)
* TL-SG2424P semi-managed switch (confirmed by vendor)
* TL-SG2452 semi-managed switch (confirmed by vendor)

Vulnerabilities:
* All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least:
  * CVE-2013-0716 (confirmed by vendor)
  * CVE-2013-0715 (confirmed by vendor)
  * CVE-2013-0714 (confirmed by vendor)
  * CVE-2013-0713 (confirmed by vendor)
  * CVE-2013-0712 (confirmed by vendor)
  * CVE-2013-0711 (confirmed by vendor)
  * CVE-2010-2967 (confirmed by vendor)
  * CVE-2010-2966 (confirmed by vendor)
  * CVE-2008-2476 (confirmed by vendor)
* SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor)
* SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor)

Design flaws:
* Telnet is available and cannot be disabled (confirmed by vendor)
* SSHv1 enabled by default if SSH is enabled (confirmed by vendor)

Vendor response: TP-Link are not convinced that these flaws should be repaired. TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week. Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products. (TL-SG2008 first product availability July 2014...) Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.")

Fix availability: None.

Work-arounds advised: None possible. Remove products from network

Trust: 3.24

sources: NVD: CVE-2013-0714 // JVNDB: JVNDB-2013-000021 // CNVD: CNVD-2013-02002 // CNNVD: CNNVD-201303-408 // BID: 58642 // IVD: 09730b60-2353-11e6-abef-000c29c66e3d // PACKETSTORM: 128512

IOT TAXONOMY

category: ['IoT', 'ICS'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 09730b60-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02002

AFFECTED PRODUCTS

vendor: windriver, model: vxworks, scope: eq, version: 6.9

Trust: 1.6

vendor: windriver, model: vxworks, scope: eq, version: 6.7

Trust: 1.6

vendor: windriver, model: vxworks, scope: eq, version: 6.8

Trust: 1.6

vendor: windriver, model: vxworks, scope: eq, version: 6.6

Trust: 1.6

vendor: windriver, model: vxworks, scope: eq, version: 6.5

Trust: 1.6

vendor: wind river, model: vxworks, scope: eq, version: 6.5 through 6.9

Trust: 0.8

vendor: wind, model: river systems vxworks through, scope: eq, version: 6.56.9

Trust: 0.6

vendor: vxworks, model: -, scope: eq, version: 6.5

Trust: 0.2

vendor: vxworks, model: -, scope: eq, version: 6.6

Trust: 0.2

vendor: vxworks, model: -, scope: eq, version: 6.7

Trust: 0.2

vendor: vxworks, model: -, scope: eq, version: 6.8

Trust: 0.2

vendor: vxworks, model: -, scope: eq, version: 6.9

Trust: 0.2

sources: IVD: 09730b60-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02002 // JVNDB: JVNDB-2013-000021 // CNNVD: CNNVD-201303-408 // NVD: CVE-2013-0714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0714
value: HIGH

Trust: 1.0

IPA: JVNDB-2013-000021
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-02002
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201303-408
value: CRITICAL

Trust: 0.6

IVD: 09730b60-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2013-0714
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2013-000021
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-02002
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 09730b60-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 09730b60-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02002 // JVNDB: JVNDB-2013-000021 // CNNVD: CNNVD-201303-408 // NVD: CVE-2013-0714

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2013-0714

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-408

TYPE

Input validation

Trust: 0.8

sources: IVD: 09730b60-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-408

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-000021

PATCH

title: Information from Wind River Systems, url: http://jvn.jp/en/jp/JVN20671901/995359/index.html

Trust: 0.8

title: Patch for VxWorks SSH server (IPSSH) Denial of Service Vulnerability (CNVD-2013-02002), url: https://www.cnvd.org.cn/patchInfo/show/32972

Trust: 0.6

sources: CNVD: CNVD-2013-02002 // JVNDB: JVNDB-2013-000021

EXTERNAL IDS

db: NVD, id: CVE-2013-0714

Trust: 3.6

db: JVNDB, id: JVNDB-2013-000021

Trust: 3.0

db: JVN, id: JVN20671901

Trust: 2.4

db: ICS CERT, id: ICSA-13-091-01

Trust: 1.8

db: CNVD, id: CNVD-2013-02002

Trust: 0.8

db: CNNVD, id: CNNVD-201303-408

Trust: 0.8

db: JVN, id: JVN#20671901

Trust: 0.6

db: BID, id: 58642

Trust: 0.3

db: IVD, id: 09730B60-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: PACKETSTORM, id: 128512

Trust: 0.1

sources: IVD: 09730b60-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02002 // BID: 58642 // JVNDB: JVNDB-2013-000021 // PACKETSTORM: 128512 // CNNVD: CNNVD-201303-408 // NVD: CVE-2013-0714

REFERENCES

url:http://jvn.jp/en/jp/jvn20671901/index.html

Trust: 2.4

url:http://ics-cert.us-cert.gov/advisories/icsa-13-091-01

Trust: 1.8

url:http://jvndb.jvn.jp/jvndb/jvndb-2013-000021

Trust: 1.6

url:http://jvn.jp/en/jp/jvn20671901/995359/index.html

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0714

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0714

Trust: 0.8

url:http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000021.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2010-2966

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0713

Trust: 0.1

url:http://tp-link.com

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0715

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2967

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2476

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0714

Trust: 0.1

sources: CNVD: CNVD-2013-02002 // JVNDB: JVNDB-2013-000021 // PACKETSTORM: 128512 // CNNVD: CNNVD-201303-408 // NVD: CVE-2013-0714

CREDITS

Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd

Trust: 0.3

sources: BID: 58642

SOURCES

db: IVD, id: 09730b60-2353-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-02002
db: BID, id: 58642
db: JVNDB, id: JVNDB-2013-000021
db: PACKETSTORM, id: 128512
db: CNNVD, id: CNNVD-201303-408
db: NVD, id: CVE-2013-0714

LAST UPDATE DATE

2024-11-23T21:21:00.815000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-02002, date: 2013-05-24T00:00:00
db: BID, id: 58642, date: 2015-03-19T08:10:00
db: JVNDB, id: JVNDB-2013-000021, date: 2013-06-25T00:00:00
db: CNNVD, id: CNNVD-201303-408, date: 2013-04-25T00:00:00
db: NVD, id: CVE-2013-0714, date: 2024-11-21T01:48:03.190

SOURCES RELEASE DATE

db: IVD, id: 09730b60-2353-11e6-abef-000c29c66e3d, date: 2013-03-25T00:00:00
db: CNVD, id: CNVD-2013-02002, date: 2013-03-25T00:00:00
db: BID, id: 58642, date: 2013-03-18T00:00:00
db: JVNDB, id: JVNDB-2013-000021, date: 2013-03-18T00:00:00
db: PACKETSTORM, id: 128512, date: 2014-10-01T10:11:11
db: CNNVD, id: CNNVD-201303-408, date: 2013-03-21T00:00:00
db: NVD, id: CVE-2013-0714, date: 2013-03-20T18:55:01.767