What is CVE-2022-38767?

CVE-2022-38767 is a high-severity vulnerability in Wind River VxWorks that can cause Denial of Service through crafted Radius packets. Immediate action is required to mitigate this risk.

What is the severity of CVE-2022-38767?

CVE-2022-38767 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2022-38767 | High Vulnerability in Wind River VxWorks

CVE-2022-38767 is a high-severity vulnerability affecting Wind River VxWorks versions 6.9 and 7. This vulnerability allows a specifically crafted packet sent by a Radius server to cause Denial of Service during the IP Radius access procedure. With a CVSS score of 7.5, this vulnerability poses a significant risk to organizations using these versions of VxWorks.

The vulnerability has been confirmed to have a high impact on availability, which means that affected systems may become unavailable when targeted. Organizations should prioritize patching immediately, given the potential for exploitation.

Currently, there are no known exploits or public proof of concepts available for this vulnerability, which may provide a temporary buffer for organizations to assess their risk and implement remediation strategies.

Considering the potential risk to operations, organizations using Wind River VxWorks should act swiftly to mitigate this vulnerability and protect their systems from possible Denial of Service attacks.

Vulnerability Details

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. The CVSS score for this vulnerability is 7.5, indicating a high severity level.

The affected products include VxWorks versions 6.9 and 7, specifically versions prior to 6.9.4.12. The vulnerability was published on November 25, 2022, and is classified under CVSS version 3.1.

Technical Analysis

The root cause of this vulnerability lies in the handling of packets during the IP Radius access procedure. Attackers may leverage this flaw by sending specifically crafted packets that exploit the vulnerability, leading to a Denial of Service condition.

The attack vector is network-based with low attack complexity, meaning that an attacker does not require advanced skills to exploit this vulnerability. Additionally, no privileges are required to execute the attack, and user interaction is not necessary.

The impact on availability is high, as the affected systems may become inoperable due to this denial of service. However, there is no impact on confidentiality or integrity.

Risk & Impact Analysis

Risk to organizations includes significant downtime and potential disruption of critical services due to the denial of service. It is crucial for organizations to understand that the longer they remain vulnerable, the higher the likelihood of exploitation.

Organizations should assess their exposure to this vulnerability and implement necessary controls. Given the high CVSS score of 7.5 and the potential impact, organizations should address in priority patch cycle.

The urgency for remediation is underscored by the potential for attackers to exploit this vulnerability, leading to severe operational impacts.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The versions affected by this vulnerability include Wind River VxWorks 6.9 and 7, specifically all versions prior to 6.9.4.12. Organizations should review their current systems to determine if they are running any of these vulnerable versions.

Mitigation & Remediation

Organizations should apply the latest patches provided by Wind River to remediate this vulnerability. If patches are unavailable, implement configuration hardening measures and network controls to mitigate exposure.

For further insights into vulnerabilities and improving security posture, organizations may consider engaging in penetration testing to identify weaknesses and validate remediation effectiveness.

Detection Guidance

Monitoring logs for indicators of attempted exploitation and unusual network traffic patterns can assist in early detection of malicious activities. Organizations should also be vigilant for any behavioral anomalies that may indicate an attempt to exploit this vulnerability.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2022-38767 lies in its reflection of the ongoing challenges in securing network protocols. Security teams should take this as a reminder to continuously evaluate and strengthen their defenses against such vulnerabilities.

For further reading on effective security practices, organizations may explore the following resources: vulnerability management program design and penetration testing methodology to enhance security measures.

Additionally, organizations should consider integrating API security testing into their security strategy to ensure comprehensive coverage against potential vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-38767: High Vulnerability in Wind River VxWorks