Published:2013/03/18  Last Updated:2013/03/18

VxWorks WebCLI vulnerable to denial-of-service (DoS)


The VxWorks WebCLI contains a denial-of-service (DoS) vulnerability.

Products Affected

  • VxWorks versions 5.5 through 6.9


The VxWorks WebCLI contains a denial-of-service (DoS) vulnerability due to an issue in parsing command strings.


An attacker that can login to a CLI session may cause the current CLI session to crash.


Apply a patch
Apply the appropriate patch according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
Wind River Systems Vulnerable 2013/03/18


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2013.03.18

Measures Conditions Severity
Access Required can be attacked over the Internet using packets
  • High
Authentication login caused to be created by an administrator
  • Low-Mid
User Interaction Required the vulnerability can be exploited without an honest user taking any action
  • High
Exploit Complexity some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Mid-High

Description of each analysis measures


Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2013-0715
JVN iPedia JVNDB-2013-000022