Integer Overflow in VxWorks _authenticate Function Allows Remote Code Execution

Integer Overflow in VxWorks _authenticate Function Allows Remote Code Execution

CVE-2015-7599 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password.

Learn more about our User Device Pen Test.