CVE-2019-12263

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
windrivervxworks
6.5 ≤
𝑥
< 6.9.4.12
windrivervxworks
7.0
sonicwallsonicos
5.9.0.0 ≤
𝑥
≤ 5.9.0.7
sonicwallsonicos
5.9.1.0. ≤
𝑥
≤ 5.9.1.12
sonicwallsonicos
6.2.0.0 ≤
𝑥
≤ 6.2.3.1
sonicwallsonicos
6.2.4.0 ≤
𝑥
≤ 6.2.4.3
sonicwallsonicos
6.2.5.0 ≤
𝑥
≤ 6.2.5.3
sonicwallsonicos
6.2.6.0 ≤
𝑥
≤ 6.2.6.1
sonicwallsonicos
6.2.7.0 ≤
𝑥
≤ 6.2.7.4
sonicwallsonicos
6.2.9.0 ≤
𝑥
≤ 6.2.9.2
sonicwallsonicos
6.5.0.0 ≤
𝑥
≤ 6.5.0.3
sonicwallsonicos
6.5.1.0 ≤
𝑥
≤ 6.5.1.4
sonicwallsonicos
6.5.2.0 ≤
𝑥
≤ 6.5.2.3
sonicwallsonicos
6.5.3.0 ≤
𝑥
≤ 6.5.3.3
sonicwallsonicos
6.5.4.0. ≤
𝑥
≤ 6.5.4.3
sonicwallsonicos
6.2.7.0
sonicwallsonicos
6.2.7.1
sonicwallsonicos
6.2.7.7
siemenssiprotec_5_firmware
𝑥
< 7.59
netappe-series_santricity_os_controller
8.00 ≤
𝑥
≤ 8.40.50.00
siemenssiprotec_5_firmware
𝑥
< 7.91
siemenspower_meter_9410_firmware
𝑥
< 2.2.1
siemenspower_meter_9810_firmware
*
beldenhirschmann_hios
𝑥
≤ 07.0.07
beldenhirschmann_hios
𝑥
≤ 07.5.01
beldenhirschmann_hios
𝑥
≤ 07.2.04
beldenhirschmann_hios
𝑥
≤ 05.3.06
beldengarrettcom_magnum_dx940e_firmware
𝑥
≤ 1.0.1_y7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
https://security.netapp.com/advisory/ntap-20190802-0001/
https://support.f5.com/csp/article/K41190253
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12263
https://support2.windriver.com/index.php?page=security-notices
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
https://security.netapp.com/advisory/ntap-20190802-0001/
https://support.f5.com/csp/article/K41190253
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12263
https://support2.windriver.com/index.php?page=security-notices
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/