Details of VAR-202004-0060

ID

VAR-202004-0060

CVE

CVE-2020-10647

TITLE

Wind River Systems VxWorks tftp client library resource management error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-26415 // CNNVD: CNNVD-202004-2158

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Wind River VxWorks There is a double release vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Wind River Systems VxWorks is a set of embedded real-time operating system (RTOS) from Wind River Systems. The tftp client library is one of the TFTP (Trivial File Transfer Protocol) client libraries. The tftp client library in Wind River Systems VxWorks 6.9 to 7 SR0630 has a resource management error vulnerability. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are currently provided

Trust: 2.25

sources: NVD: CVE-2020-10647 // JVNDB: JVNDB-2020-005119 // CNVD: CNVD-2021-26415 // VULMON: CVE-2020-10647

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-26415

AFFECTED PRODUCTS

vendor:	wind river	model:	vxworks	scope:	eq	version:	6.9 から 7 sr0630	Trust: 0.8
vendor:	wind	model:	river systems vxworks sr0630	scope:	gte	version:	6.9,<=7	Trust: 0.6

sources: CNVD: CNVD-2021-26415 // JVNDB: JVNDB-2020-005119

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	JVNDB-2020-005119
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-26415
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2158
value:	CRITICAL
Trust: 0.6

NVD:	JVNDB-2020-005119
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-26415
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

NVD:	JVNDB-2020-005119
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-26415 // JVNDB: JVNDB-2020-005119 // CNNVD: CNNVD-202004-2158

PROBLEMTYPE DATA

problemtype:

CWE-415

Trust: 0.8

sources: JVNDB: JVNDB-2020-005119

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-2158

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2158

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005119

PATCH

title:	CVE-2020-10647	url:	https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-10647	Trust: 0.8
title:	Patch for Wind River Systems VxWorks tftp client library resource management error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/257371	Trust: 0.6
title:	Wind River Systems VxWorks tftp client library Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118596	Trust: 0.6

sources: CNVD: CNVD-2021-26415 // JVNDB: JVNDB-2020-005119 // CNNVD: CNNVD-202004-2158

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10647	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-005119	Trust: 0.8
db:	CNVD	id:	CNVD-2021-26415	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2158	Trust: 0.6
db:	VULMON	id:	CVE-2020-10647	Trust: 0.1

sources: CNVD: CNVD-2021-26415 // VULMON: CVE-2020-10647 // JVNDB: JVNDB-2020-005119 // CNNVD: CNNVD-202004-2158 // NVD: CVE-2020-10647

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-10647	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10647	Trust: 0.8
url:	https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2020-10647	Trust: 0.6
url:	https://vigilance.fr/vulnerability/wind-river-vxworks-use-after-free-via-tftp-32114	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-26415 // VULMON: CVE-2020-10647 // JVNDB: JVNDB-2020-005119 // CNNVD: CNNVD-202004-2158

SOURCES

db:	CNVD	id:	CNVD-2021-26415
db:	VULMON	id:	CVE-2020-10647
db:	JVNDB	id:	JVNDB-2020-005119
db:	CNNVD	id:	CNNVD-202004-2158
db:	NVD	id:	CVE-2020-10647

LAST UPDATE DATE

2024-08-14T14:38:31.429000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-26415	date:	2021-04-09T00:00:00
db:	VULMON	id:	CVE-2020-10647	date:	2020-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-005119	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202004-2158	date:	2020-06-10T00:00:00
db:	NVD	id:	CVE-2020-10647	date:	2023-11-07T03:14:11.330

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-26415	date:	2021-04-09T00:00:00
db:	VULMON	id:	CVE-2020-10647	date:	2020-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-005119	date:	2020-06-08T00:00:00
db:	CNNVD	id:	CNNVD-202004-2158	date:	2020-04-27T00:00:00
db:	NVD	id:	CVE-2020-10647	date:	2020-04-27T13:15:12.223