VDB

GCVE-110-CERTCC-2010-362332

GCVE-110-CERTCC-2010-362332
Advisory PublishedCVSS 10.0/10
Vulnetix · Advisory published August 2, 2010
### Overview ### Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. ### Description ### The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer's guide for more information on WDB.<br/><br/>Additional information can be found in ICS-CERT advisory <a href="http://www.us-cert.gov/control_systems/pdf/ICSA-10-214-01_VxWorks_Vulnerabilities.pdf">ICSA-10-214-01</a> and on the <a href="https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities">Metasploit Blog</a>. ### Impact An attacker can use the debug service to fully compromise the device. ### Solution #### Disable debug agent Vendors should remove the WDB target debug agent in their VxWorks based products by removing the INCLUDE_WDB &amp; INCLUDE_DEBUG components from their VxWorks Image. #### Restrict access Appropriate firewall rules should be implemented to restrict access to the debug service (17185/udp) to only trusted sources until vendors have released patches to disable it. ### Acknowledgements Thanks to HD Moore for reporting a wider scope with additional research related to this vulnerability. Earlier public reports came from Bennett Todd and Shawn Merdinger. This document was written by Jared Allar.

Risk Scores

CVSS 2.0
10.0/10
Critical · AV:N/AC:L/Au:N/C:C/I:C/A:C
certcc-cam
certcc-cam
impact15population16exploitation0widely_known10score_current14.04ease_of_exploitation15
certcc-vrda
certcc-vrda
d1_impact4d1_population4d1_direct_report1
certcc-cvss-temporal-env
certcc-cvss-temporal-env
temporal_score9.5remediation_levelWreport_confidenceCenvironmental_score9.494769984target_distributionHenvironmental_vectorCDP:ND/TD:H/CR:ND/IR:ND/AR:ND

Browse GCVE Records

73,196 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›