CVE-2019-12256

high-risk

Published 2019-08-09

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.

Do I need to act?

13.8% chance of exploitation in next 30 days

EPSS score — higher than 86% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (16)

Vxworks

E-Series Santricity Os Controller

Sonicos

Siprotec 5 Firmware

Power Meter 9410 Firmware

Power Meter 9810 Firmware

Ruggedcom Win7000 Firmware

Ruggedcom Win7018 Firmware

Ruggedcom Win7025 Firmware

Ruggedcom Win7200 Firmware

Hirschmann Hios

Garrettcom Magnum Dx940E Firmware

Affected Vendors

Windriver Siemens Sonicwall Netapp Belden

References (18)

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Third Party Advisory https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

Third Party Advisory https://security.netapp.com/advisory/ntap-20190802-0001/

Third Party Advisory https://support.f5.com/csp/article/K41190253

Vendor Advisory https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12256

Issue Tracking https://support2.windriver.com/index.php?page=security-notices

Vendor Advisory https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urge...