{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/362332#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview ###\r\nSome products based on VxWorks have the WDB target agent debug service enabled by default.  This service provides read/write access to the device's memory and allows functions to be called.\r\n\r\n### Description ###\r\nThe VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system.\r\n\r\nIt is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image.  It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications.\r\n\r\nConsult the VxWorks Kernel Programmer's guide for more information on WDB.<br/><br/>Additional information can be found in ICS-CERT advisory <a href=\"http://www.us-cert.gov/control_systems/pdf/ICSA-10-214-01_VxWorks_Vulnerabilities.pdf\">ICSA-10-214-01</a> and on the <a href=\"https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities\">Metasploit Blog</a>.\r\n\r\n### Impact\r\nAn attacker can use the debug service to fully compromise the device.\r\n\r\n### Solution\r\n#### Disable debug agent\r\nVendors should remove the WDB target debug agent in their VxWorks based products by removing the INCLUDE_WDB &amp; INCLUDE_DEBUG components from their VxWorks Image.\r\n\r\n#### Restrict access\r\nAppropriate firewall rules should be implemented to restrict access to the debug service (17185/udp) to only trusted sources until vendors have released patches to disable it.\r\n\r\n### Acknowledgements\r\nThanks to HD Moore for reporting a wider scope with additional research related to this vulnerability.  Earlier public reports came from Bennett Todd and Shawn Merdinger.\r\n\r\nThis document was written by Jared Allar.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"Security Advisory Report - OBSO-1010-01\nEnabled VxWorks debug service\nCreation Date:  2010-10-15\nLast Update:     2010-10-15 Summary\nA security researcher has identified a large number of products based on the VxWorks platform provided by Wind River Systems with a debug service enabled by default at port 17185/udp. Vulnerability Details\nThe debug service provides full access to the memory of an affected device and allows for memory to be written as well as functions to be called. Of the various products based on VxWorks, the following are not affected by this vulnerability: HiPath Wireless Convergence, RG 8700, optiPoint 410/420 SIP and HFA (V5). Affected Products\nHiPath 3000 (HG 1500 Gateway)\nHiPath 4000 (HG 35xx Gateway)\noptiPoint 410/420 HFA, versions before V5\noptiPoint 600 office Recommended Actions\nIn general, it is recommended not to attach the mentioned systems directly at the internet. Appropriate firewall rules should be implemented to restrict access to the debug service (17185/udp). The problem is solved in the following versions; an update to these or higher versions is highly recommended: HiPath 3000 V8: V8 R5.2.0\nHiPath 4000 V4: V4 R4.1.12\nHiPath 4000 V5: V5 R1.2.4 Please note: HiPath 3000 V7: You need to upgrade the HG 1500 gateway only. Please use V8 R5.2.0 for this. You may keep the system itself in V7. HiPath 3000 V6 and earlier have reached end of SW support; please consider an upgrade to V7 or V8\nHiPath 4000 V3 and earlier have reached end of SW support; please consider an upgrade to V4 or higher. Some older, unsupported versions of optiPoint 410/420 HFA IP phones are also vulnerable. Please ensure, that V5 is installed on all phones. optiPoint 600 office has reached end of life since a few years already; an update is unfortunately not available References\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2965\nhttp://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\nhttp://www.kb.cert.org/vuls/id/362332 Revision History\n2010-10-15 Initial release Contact and Disclaimer\nOpenScale Baseline Security Office\nobso@siemens-enterprise.com\n© Siemens Enterprise Communications GmbH & Co KG 2010\nSiemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG The information provided in this document is subject to change without notice. Siemens Enterpise Communications GmbH & Co KG (SEN) assumes no responsibility for any errors that may appear in this document, and it does not affect your current support agreements with SEN. Any trademarks referenced in this document are the property of their respective owners. ---End Vendor Statement-------------------------------------------------------------------","title":"Vendor statment from Siemens"},{"category":"other","text":"The vendor provided the above advisory information for their affected products.","title":"CERT/CC comment on Siemens notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Rockwell Automation"},{"category":"other","text":"Rockwell Automation 1756-ENBT series A running firmware versions 3.2.6 and 3.6.1 are vulnerable. Please see Rockwell Automation Technote 69735 for more information.","title":"CERT/CC comment on Rockwell Automation notes"},{"category":"other","text":"Wind River has analyzed VU#362332, and determined that all versions of VxWorks could be vulnerable if the WDB agent is left enabled in production systems and the system is network attached. VxWorks has a very strong track record of offering secure products and Wind River is committed to active threat monitoring, rapid assessment, threat prioritization, expedited remediation, response and proactive customer contact. Customers are encouraged to follow the remediation actions outlined in the SOLUTION section of the vulnerability post. Registered users can access Wind River's online support for more information by following this link: https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708 Or contact Wind River technical support for more information: http://windriver.com/support/","title":"Vendor statment from Wind River"},{"category":"other","text":"Within the VxWorks Kernel programmers guide it states: “For production systems, you will want to reconfigure VxWorks with only those components needed for deployed operation, and to build it as the appropriate type of system image. You will likely want to remove components required for host development support, such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG), as well as to remove any other operating system components not required to support your application. Other considerations may include reducing the memory requirements of the system, speeding up boot time, and security issues.”","title":"CERT/CC comment on Wind River notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Cisco"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Cisco notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Brocade Communication Systems"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Brocade Communication Systems notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Apple"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Apple notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Enterasys Networks"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Enterasys Networks notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Guangzhou Gaoke Communications"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Guangzhou Gaoke Communications notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Enablence"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Enablence notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Dell"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Dell notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Mitel Networks Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Mitel Networks Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Fluke Networks"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Fluke Networks notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Keda Communications"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Keda Communications notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Alcatel-Lucent Enterprise"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Alcatel-Lucent Enterprise notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Knovative Inc"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Knovative Inc notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Foundry Brocade"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Foundry Brocade notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Netgear Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Netgear Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from ShoreTel Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on ShoreTel Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from ARRIS"},{"category":"other","text":"The following products have been reported to be affected: ARRIS C3™ Cable Modem Termination System Firmware Release <=4.4.4.13","title":"CERT/CC comment on ARRIS notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from 3com Inc. (Inactive)"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on 3com Inc. (Inactive) notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Hewlett Packard Enterprise"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Hewlett Packard Enterprise notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Actelis Networks"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Actelis Networks notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from SEIKO EPSON Corp. /  Epson America Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on SEIKO EPSON Corp. /  Epson America Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from SFR"},{"category":"other","text":"newsoft reports that the SFR (formerly Neuf Cegetel and Neuf Telecom) Trio3C has the debug service enabled.","title":"CERT/CC comment on SFR notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Schneider Electric"},{"category":"other","text":"The Modicon M340 with firmware version 2.5 was reported to run VxWorks 6.4 and have the debug port enabled.","title":"CERT/CC comment on Schneider Electric notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from DrayTek Corporation"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on DrayTek Corporation notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Gilat Network Systems"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Gilat Network Systems notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Maipu Communication Technology"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Maipu Communication Technology notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Dell EMC"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Dell EMC notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Lenovo"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Lenovo notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Tut Systems"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Tut Systems notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from IWATSU Voice Networks"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on IWATSU Voice Networks notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Digicom"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Digicom notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Alvarion (Inactive)"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Alvarion (Inactive) notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Lutron Electronics"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Lutron Electronics notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Allied Telesis"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Allied Telesis notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Intel"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Intel notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Rad Vision Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Rad Vision Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from SMC Networks Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on SMC Networks Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Polycom"},{"category":"other","text":"The release notes for SoundPoint IP/SoundStation IP SIP software states that version 3.1.2 has closed the debug port. \"47450: Port 17185 is open, presenting a security risk\" http://downloads.polycom.com/voice/voip/relnotes/spip_ssip_v3_1_6_Legacy_release_notes.pdf","title":"CERT/CC comment on Polycom notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Ricoh Company Ltd."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Ricoh Company Ltd. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Nortel Networks Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Nortel Networks Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Nokia"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Nokia notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from D-Link Systems Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on D-Link Systems Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Avaya Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Avaya Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Aperto Networks"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Aperto Networks notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Motorola Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Motorola Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Canon"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Canon notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Ceragon Networks Inc"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Ceragon Networks Inc notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Broadcom"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Broadcom notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from amx"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on amx notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from TRENDnet"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on TRENDnet notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Proxim Inc."},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Proxim Inc. notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Ericsson"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Ericsson notes"},{"category":"other","text":"No statement is currently available from the vendor regarding this vulnerability.","title":"Vendor statment from Xerox"},{"category":"other","text":"There are no additional comments at this time.","title":"CERT/CC comment on Xerox notes"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/362332"},{"url":"http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml","summary":"http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml"},{"url":"http://seclists.org/vuln-dev/2002/May/179","summary":"http://seclists.org/vuln-dev/2002/May/179"},{"url":"https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities","summary":"https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities"},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-10-214-01_VxWorks_Vulnerabilities.pdf","summary":"http://www.us-cert.gov/control_systems/pdf/ICSA-10-214-01_VxWorks_Vulnerabilities.pdf"},{"url":"http://blogs.windriver.com/chauhan/2010/08/vxworks-secure.html","summary":"http://blogs.windriver.com/chauhan/2010/08/vxworks-secure.html"},{"url":"https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708","summary":"https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708"},{"url":"http://thesauceofutterpwnage.blogspot.com/2010/08/metasploit-vxworks-wdb-agent-attack.html","summary":"http://thesauceofutterpwnage.blogspot.com/2010/08/metasploit-vxworks-wdb-agent-attack.html"},{"url":"http://cwe.mitre.org/data/definitions/215.html","summary":"http://cwe.mitre.org/data/definitions/215.html"},{"url":"http://cwe.mitre.org/data/definitions/505.html","summary":"http://cwe.mitre.org/data/definitions/505.html"},{"url":"http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735","summary":"Reference(s) from vendor \"Rockwell Automation\""},{"url":"http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml","summary":"Reference(s) from vendor \"Cisco\""}],"title":"Wind River Systems VxWorks debug service enabled by default","tracking":{"current_release_date":"2020-09-02T15:51:46+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#362332","initial_release_date":"2010-08-02 00:00:00+00:00","revision_history":[{"date":"2020-09-02T15:51:46+00:00","number":"1.20200902155146.87","summary":"Released on 2020-09-02T15:51:46+00:00"}],"status":"final","version":"1.20200902155146.87"}},"vulnerabilities":[{"title":"The WDB target agent debug service in Wind River VxWorks 6.","notes":[{"category":"summary","text":"The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804."}],"cve":"CVE-2010-2965","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#362332"}],"product_status":{"known_affected":["CSAFPID-20dc8ad8-39cd-11f1-8422-122e2785dc9f","CSAFPID-20dcdd4e-39cd-11f1-8422-122e2785dc9f","CSAFPID-20dd31c2-39cd-11f1-8422-122e2785dc9f","CSAFPID-20dd80f0-39cd-11f1-8422-122e2785dc9f","CSAFPID-20ddbf48-39cd-11f1-8422-122e2785dc9f","CSAFPID-20ddf1c0-39cd-11f1-8422-122e2785dc9f","CSAFPID-20de1df8-39cd-11f1-8422-122e2785dc9f","CSAFPID-20de4986-39cd-11f1-8422-122e2785dc9f","CSAFPID-20de74ba-39cd-11f1-8422-122e2785dc9f","CSAFPID-20de9eb8-39cd-11f1-8422-122e2785dc9f","CSAFPID-20decc94-39cd-11f1-8422-122e2785dc9f","CSAFPID-20df19f6-39cd-11f1-8422-122e2785dc9f","CSAFPID-20df45e8-39cd-11f1-8422-122e2785dc9f","CSAFPID-20dfae48-39cd-11f1-8422-122e2785dc9f","CSAFPID-20dfdabc-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e0120c-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e03a16-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e064f0-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e08be2-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e0c738-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e0f532-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e147b2-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e18f9c-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e1c098-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e1f93c-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e22998-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e27916-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e2ad1e-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e2e572-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e32910-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e35f66-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e3c0b4-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e40aba-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e442aa-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e476b2-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e4d13e-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e5369c-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e56bb2-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e5a294-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e5d99e-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e61fee-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e65b76-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e686a0-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e6d100-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e75c6a-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e79b8a-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e7dc94-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e81ed4-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e855d4-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e88950-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e8c640-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e90d1c-39cd-11f1-8422-122e2785dc9f","CSAFPID-20e9579a-39cd-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-20e509c4-39cd-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"Lenovo","product":{"name":"Lenovo Products","product_id":"CSAFPID-20dc8ad8-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Tut Systems","product":{"name":"Tut Systems Products","product_id":"CSAFPID-20dcdd4e-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"IWATSU Voice Networks","product":{"name":"IWATSU Voice Networks Products","product_id":"CSAFPID-20dd31c2-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Digicom","product":{"name":"Digicom Products","product_id":"CSAFPID-20dd80f0-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Dell EMC","product":{"name":"Dell EMC Products","product_id":"CSAFPID-20ddbf48-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Maipu Communication Technology","product":{"name":"Maipu Communication Technology Products","product_id":"CSAFPID-20ddf1c0-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Alvarion (Inactive)","product":{"name":"Alvarion (Inactive) Products","product_id":"CSAFPID-20de1df8-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Gilat Network Systems","product":{"name":"Gilat Network Systems Products","product_id":"CSAFPID-20de4986-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Lutron Electronics","product":{"name":"Lutron Electronics Products","product_id":"CSAFPID-20de74ba-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"DrayTek Corporation","product":{"name":"DrayTek Corporation Products","product_id":"CSAFPID-20de9eb8-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Allied Telesis","product":{"name":"Allied Telesis Products","product_id":"CSAFPID-20decc94-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Schneider Electric","product":{"name":"Schneider Electric Products","product_id":"CSAFPID-20df19f6-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SFR","product":{"name":"SFR Products","product_id":"CSAFPID-20df45e8-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Intel","product":{"name":"Intel Products","product_id":"CSAFPID-20df70ea-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SEIKO EPSON Corp. /  Epson America Inc.","product":{"name":"SEIKO EPSON Corp. /  Epson America Inc. Products","product_id":"CSAFPID-20dfae48-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Rad Vision Inc.","product":{"name":"Rad Vision Inc. Products","product_id":"CSAFPID-20dfdabc-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Actelis Networks","product":{"name":"Actelis Networks Products","product_id":"CSAFPID-20e0120c-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SMC Networks Inc.","product":{"name":"SMC Networks Inc. Products","product_id":"CSAFPID-20e03a16-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Hewlett Packard Enterprise","product":{"name":"Hewlett Packard Enterprise Products","product_id":"CSAFPID-20e064f0-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Polycom","product":{"name":"Polycom Products","product_id":"CSAFPID-20e08be2-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"3com Inc. (Inactive)","product":{"name":"3com Inc. (Inactive) Products","product_id":"CSAFPID-20e0c738-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Ricoh Company Ltd.","product":{"name":"Ricoh Company Ltd. Products","product_id":"CSAFPID-20e0f532-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ARRIS","product":{"name":"ARRIS Products","product_id":"CSAFPID-20e147b2-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Nortel Networks Inc.","product":{"name":"Nortel Networks Inc. Products","product_id":"CSAFPID-20e18f9c-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ShoreTel Inc.","product":{"name":"ShoreTel Inc. Products","product_id":"CSAFPID-20e1c098-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Netgear Inc.","product":{"name":"Netgear Inc. Products","product_id":"CSAFPID-20e1f93c-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Nokia","product":{"name":"Nokia Products","product_id":"CSAFPID-20e22998-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Foundry Brocade","product":{"name":"Foundry Brocade Products","product_id":"CSAFPID-20e27916-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"D-Link Systems Inc.","product":{"name":"D-Link Systems Inc. Products","product_id":"CSAFPID-20e2ad1e-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Knovative Inc","product":{"name":"Knovative Inc Products","product_id":"CSAFPID-20e2e572-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Alcatel-Lucent Enterprise","product":{"name":"Alcatel-Lucent Enterprise Products","product_id":"CSAFPID-20e32910-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Avaya Inc.","product":{"name":"Avaya Inc. Products","product_id":"CSAFPID-20e35f66-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Keda Communications","product":{"name":"Keda Communications Products","product_id":"CSAFPID-20e3c0b4-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Aperto Networks","product":{"name":"Aperto Networks Products","product_id":"CSAFPID-20e40aba-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fluke Networks","product":{"name":"Fluke Networks Products","product_id":"CSAFPID-20e442aa-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Motorola Inc.","product":{"name":"Motorola Inc. Products","product_id":"CSAFPID-20e476b2-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Mitel Networks Inc.","product":{"name":"Mitel Networks Inc. Products","product_id":"CSAFPID-20e4d13e-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Canon","product":{"name":"Canon Products","product_id":"CSAFPID-20e509c4-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Dell","product":{"name":"Dell Products","product_id":"CSAFPID-20e5369c-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Enablence","product":{"name":"Enablence Products","product_id":"CSAFPID-20e56bb2-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Ceragon Networks Inc","product":{"name":"Ceragon Networks Inc Products","product_id":"CSAFPID-20e5a294-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Guangzhou Gaoke Communications","product":{"name":"Guangzhou Gaoke Communications Products","product_id":"CSAFPID-20e5d99e-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Broadcom","product":{"name":"Broadcom Products","product_id":"CSAFPID-20e61fee-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Enterasys Networks","product":{"name":"Enterasys Networks Products","product_id":"CSAFPID-20e65b76-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Apple","product":{"name":"Apple Products","product_id":"CSAFPID-20e686a0-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"amx","product":{"name":"amx Products","product_id":"CSAFPID-20e6d100-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Brocade Communication Systems","product":{"name":"Brocade Communication Systems Products","product_id":"CSAFPID-20e70a58-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Cisco","product":{"name":"Cisco Products","product_id":"CSAFPID-20e75c6a-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"TRENDnet","product":{"name":"TRENDnet Products","product_id":"CSAFPID-20e79b8a-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Proxim Inc.","product":{"name":"Proxim Inc. Products","product_id":"CSAFPID-20e7dc94-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Rockwell Automation","product":{"name":"Rockwell Automation Products","product_id":"CSAFPID-20e81ed4-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Siemens","product":{"name":"Siemens Products","product_id":"CSAFPID-20e855d4-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Ericsson","product":{"name":"Ericsson Products","product_id":"CSAFPID-20e88950-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Wind River","product":{"name":"Wind River Products","product_id":"CSAFPID-20e8c640-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Xerox","product":{"name":"Xerox Products","product_id":"CSAFPID-20e90d1c-39cd-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Huawei","product":{"name":"Huawei Products","product_id":"CSAFPID-20e9579a-39cd-11f1-8422-122e2785dc9f"}}]}}