Vulnerability in Windriver Vxworks

CVE-2010-2966

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to…

EPSS: 0.004 (61.8th percentile) — read the EPSS interpretation.

Affected products

Windriver Vxworks — versions 6, 6.4, 5.5
N/a — versions n/a

Weakness classification (CWE)

CWE-255

References

VU#840249 (US Government Resource, x_refsource_CERT-VN, third-party-advisory)
cve@mitre.org (Exploit, x_refsource_MISC)