CVE-2019-12260 | ByteOS Network

Vulnerability Details :

CVE-2019-12260

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-09 Aug, 2019 | 20:18

Updated At-04 Aug, 2024 | 23:17

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:09 Aug, 2019 | 20:18

Updated At:04 Aug, 2024 | 23:17

▼CVE Numbering Authority (CNA)

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

Affected Products

Vendor

Product

Versions

Affected

n/a

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
https://support2.windriver.com/index.php?page=security-notices	x_refsource_MISC
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf	x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190802-0001/	x_refsource_CONFIRM
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/	x_refsource_CONFIRM
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260	x_refsource_MISC
https://support.f5.com/csp/article/K41190253	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf	x_refsource_CONFIRM
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC

Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html

Resource:

x_refsource_MISC

Hyperlink: https://support2.windriver.com/index.php?page=security-notices

Resource:

x_refsource_MISC

Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

Resource:

x_refsource_CONFIRM

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Resource:

x_refsource_CONFIRM

Hyperlink: https://security.netapp.com/advisory/ntap-20190802-0001/

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Resource:

x_refsource_CONFIRM

Hyperlink: https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260

Resource:

x_refsource_MISC

Hyperlink: https://support.f5.com/csp/article/K41190253

Resource:

x_refsource_CONFIRM

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Resource:

x_refsource_CONFIRM

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC x_transferred
https://support2.windriver.com/index.php?page=security-notices	x_refsource_MISC x_transferred
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009	x_refsource_CONFIRM x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf	x_refsource_CONFIRM x_transferred
https://security.netapp.com/advisory/ntap-20190802-0001/	x_refsource_CONFIRM x_transferred
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/	x_refsource_CONFIRM x_transferred
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260	x_refsource_MISC x_transferred
https://support.f5.com/csp/article/K41190253	x_refsource_CONFIRM x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf	x_refsource_CONFIRM x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf	x_refsource_CONFIRM x_transferred
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC x_transferred

Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://support2.windriver.com/index.php?page=security-notices

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://security.netapp.com/advisory/ntap-20190802-0001/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://support.f5.com/csp/article/K41190253

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

Source:cve@mitre.org

Published At:09 Aug, 2019 | 21:15

Updated At:12 Aug, 2022 | 18:44

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

windriver>>vxworks>>Versions from 6.5(inclusive) to 6.9.4.12(exclusive)

cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*

windriver>>vxworks>>7.0

cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*

>>sonicos>>Versions from 5.9.0.0(inclusive) to 5.9.0.7(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 5.9.1.0.(inclusive) to 5.9.1.12(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.2.0.0(inclusive) to 6.2.3.1(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.2.4.0(inclusive) to 6.2.4.3(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.2.5.0(inclusive) to 6.2.5.3(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.2.6.0(inclusive) to 6.2.6.1(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.2.7.0(inclusive) to 6.2.7.4(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.2.9.0(inclusive) to 6.2.9.2(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.5.0.0(inclusive) to 6.5.0.3(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.5.1.0(inclusive) to 6.5.1.4(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.5.2.0(inclusive) to 6.5.2.3(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.5.3.0(inclusive) to 6.5.3.3(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>Versions from 6.5.4.0.(inclusive) to 6.5.4.3(inclusive)

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

>>sonicos>>6.2.7.0

cpe:2.3:o:sonicwall:sonicos:6.2.7.0:*:*:*:*:*:*:*

>>sonicos>>6.2.7.1

cpe:2.3:o:sonicwall:sonicos:6.2.7.1:*:*:*:*:*:*:*

>>sonicos>>6.2.7.7

cpe:2.3:o:sonicwall:sonicos:6.2.7.7:*:*:*:*:*:*:*

>>siprotec_5>>-

cpe:2.3:h:siemens:siprotec_5:-:*:*:*:*:*:*:*

>>siprotec_5_firmware>>Versions before 7.59(exclusive)

cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp200

>>e-series_santricity_os_controller>>Versions from 8.00(inclusive) to 8.40.50.00(inclusive)

cpe:2.3:o:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

>>siprotec_5>>-

cpe:2.3:h:siemens:siprotec_5:-:*:*:*:*:*:*:*

>>siprotec_5_firmware>>Versions before 7.91(exclusive)

cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp300

>>power_meter_9410>>-

cpe:2.3:h:siemens:power_meter_9410:-:*:*:*:*:*:*:*

>>power_meter_9410_firmware>>Versions before 2.2.1(exclusive)

cpe:2.3:o:siemens:power_meter_9410_firmware:*:*:*:*:*:*:*:*

>>power_meter_9810>>-

cpe:2.3:h:siemens:power_meter_9810:-:*:*:*:*:*:*:*

>>power_meter_9810_firmware>>*

cpe:2.3:o:siemens:power_meter_9810_firmware:*:*:*:*:*:*:*:*

>>ruggedcom_win7000>>-

cpe:2.3:h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:*

>>ruggedcom_win7000_firmware>>Versions before bs5.2.461.17(exclusive)

cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:*

>>ruggedcom_win7018>>-

cpe:2.3:h:siemens:ruggedcom_win7018:-:*:*:*:*:*:*:*

>>ruggedcom_win7018_firmware>>Versions before bs5.2.461.17(exclusive)

cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:*

>>ruggedcom_win7025>>-

cpe:2.3:h:siemens:ruggedcom_win7025:-:*:*:*:*:*:*:*

>>ruggedcom_win7025_firmware>>Versions before bs5.2.461.17(exclusive)

cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:*

>>ruggedcom_win7200_firmware>>Versions before bs5.2.461.17(exclusive)

cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:*

>>ruggedcom_win7200>>-

cpe:2.3:h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:*

Oracle Corporation

>>communications_eagle>>Versions from 46.6.0(inclusive) to 46.8.2(inclusive)

cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*

belden>>hirschmann_hios>>Versions up to 07.0.07(inclusive)

cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*

belden>>hirschmann_ees20>>-

cpe:2.3:h:belden:hirschmann_ees20:-:*:*:*:*:*:*:*

belden>>hirschmann_ees25>>-

cpe:2.3:h:belden:hirschmann_ees25:-:*:*:*:*:*:*:*

belden>>hirschmann_eesx20>>-

cpe:2.3:h:belden:hirschmann_eesx20:-:*:*:*:*:*:*:*

belden>>hirschmann_eesx30>>-

cpe:2.3:h:belden:hirschmann_eesx30:-:*:*:*:*:*:*:*

belden>>hirschmann_grs1020>>-

cpe:2.3:h:belden:hirschmann_grs1020:-:*:*:*:*:*:*:*

belden>>hirschmann_grs1030>>-

cpe:2.3:h:belden:hirschmann_grs1030:-:*:*:*:*:*:*:*

belden>>hirschmann_grs1042>>-

cpe:2.3:h:belden:hirschmann_grs1042:-:*:*:*:*:*:*:*

belden>>hirschmann_grs1120>>-

cpe:2.3:h:belden:hirschmann_grs1120:-:*:*:*:*:*:*:*

belden>>hirschmann_grs1130>>-

cpe:2.3:h:belden:hirschmann_grs1130:-:*:*:*:*:*:*:*

belden>>hirschmann_grs1142>>-

cpe:2.3:h:belden:hirschmann_grs1142:-:*:*:*:*:*:*:*

belden>>hirschmann_msp30>>-

cpe:2.3:h:belden:hirschmann_msp30:-:*:*:*:*:*:*:*

belden>>hirschmann_msp32>>-

cpe:2.3:h:belden:hirschmann_msp32:-:*:*:*:*:*:*:*

belden>>hirschmann_rail_switch_power_lite>>-

cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-120	Primary	nvd@nist.gov

CWE ID: CWE-120

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf	cve@mitre.org	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf	cve@mitre.org	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf	cve@mitre.org	Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009	cve@mitre.org	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190802-0001/	cve@mitre.org	Third Party Advisory
https://support.f5.com/csp/article/K41190253	cve@mitre.org	Third Party Advisory
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260	cve@mitre.org	Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices	cve@mitre.org	Issue Tracking Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	cve@mitre.org	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	cve@mitre.org	Third Party Advisory
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/	cve@mitre.org	Vendor Advisory

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://security.netapp.com/advisory/ntap-20190802-0001/

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://support.f5.com/csp/article/K41190253

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://support2.windriver.com/index.php?page=security-notices

Source: cve@mitre.org

Resource:

Issue Tracking

Vendor Advisory

Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Source: cve@mitre.org

Resource:

Vendor Advisory