Vulnerability Details CVE-2019-12260
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.211
EPSS Ranking 95.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
- https://security.netapp.com/advisory/ntap-20190802-0001/
- https://support.f5.com/csp/article/K41190253
- https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260
- https://support2.windriver.com/index.php?page=security-notices
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
- https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
- https://security.netapp.com/advisory/ntap-20190802-0001/
- https://support.f5.com/csp/article/K41190253
- https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260
- https://support2.windriver.com/index.php?page=security-notices
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
Products affected by CVE-2019-12260
-
cpe:2.3:a:oracle:communications_eagle:46.7.0
-
cpe:2.3:a:oracle:communications_eagle:46.8.0
-
cpe:2.3:a:oracle:communications_eagle:46.8.2
-
cpe:2.3:h:belden:garrettcom_magnum_dx940e:-
-
cpe:2.3:h:belden:hirschmann_dragon_mach4000:-
-
cpe:2.3:h:belden:hirschmann_dragon_mach4500:-
-
cpe:2.3:h:belden:hirschmann_eagle20:-
-
cpe:2.3:h:belden:hirschmann_eagle30:-
-
cpe:2.3:h:belden:hirschmann_eagle_one:-
-
cpe:2.3:h:belden:hirschmann_ees20:-
-
cpe:2.3:h:belden:hirschmann_ees25:-
-
cpe:2.3:h:belden:hirschmann_eesx20:-
-
cpe:2.3:h:belden:hirschmann_eesx30:-
-
cpe:2.3:h:belden:hirschmann_grs1020:-
-
cpe:2.3:h:belden:hirschmann_grs1030:-
-
cpe:2.3:h:belden:hirschmann_grs1042:-
-
cpe:2.3:h:belden:hirschmann_grs1120:-
-
cpe:2.3:h:belden:hirschmann_grs1130:-
-
cpe:2.3:h:belden:hirschmann_grs1142:-
-
cpe:2.3:h:belden:hirschmann_msp30:-
-
cpe:2.3:h:belden:hirschmann_msp32:-
-
cpe:2.3:h:belden:hirschmann_msp40:-
-
cpe:2.3:h:belden:hirschmann_octopus_os3:-
-
cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-
-
cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-
-
cpe:2.3:h:belden:hirschmann_red25:-
-
cpe:2.3:h:belden:hirschmann_rsp20:-
-
cpe:2.3:h:belden:hirschmann_rsp25:-
-
cpe:2.3:h:belden:hirschmann_rsp30:-
-
cpe:2.3:h:belden:hirschmann_rsp35:-
-
cpe:2.3:h:belden:hirschmann_rspe30:-
-
cpe:2.3:h:belden:hirschmann_rspe32:-
-
cpe:2.3:h:belden:hirschmann_rspe35:-
-
cpe:2.3:h:belden:hirschmann_rspe37:-
-
cpe:2.3:h:siemens:power_meter_9410:-
-
cpe:2.3:h:siemens:power_meter_9810:-
-
cpe:2.3:h:siemens:ruggedcom_win7000:-
-
cpe:2.3:h:siemens:ruggedcom_win7018:-
-
cpe:2.3:h:siemens:ruggedcom_win7025:-
-
cpe:2.3:h:siemens:ruggedcom_win7200:-
-
cpe:2.3:h:siemens:siprotec_5:-
-
cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:*
-
cpe:2.3:o:belden:hirschmann_hios:-
-
cpe:2.3:o:belden:hirschmann_hios:07.0.02
-
cpe:2.3:o:belden:hirschmann_hios:07.0.04
-
cpe:2.3:o:belden:hirschmann_hios:07.1.00
-
cpe:2.3:o:belden:hirschmann_hios:07.1.01
-
cpe:2.3:o:belden:hirschmann_hios:07.1.02
-
cpe:2.3:o:belden:hirschmann_hios:07.1.03
-
cpe:2.3:o:netapp:e-series_santricity_os_controller:8.00
-
cpe:2.3:o:netapp:e-series_santricity_os_controller:8.40.50.00
-
cpe:2.3:o:siemens:power_meter_9410_firmware:*
-
cpe:2.3:o:siemens:power_meter_9810_firmware:*
-
cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*
-
cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*
-
cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*
-
cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*
-
cpe:2.3:o:siemens:siprotec_5_firmware:-
-
cpe:2.3:o:siemens:siprotec_5_firmware:6.00
-
cpe:2.3:o:siemens:siprotec_5_firmware:6.20
-
cpe:2.3:o:siemens:siprotec_5_firmware:6.21
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.03
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.30
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.31
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.50
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.54
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.58
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.80
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.81
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.82
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.84
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.85
-
cpe:2.3:o:siemens:siprotec_5_firmware:7.90
-
cpe:2.3:o:sonicwall:sonicos:5.9.0.0
-
cpe:2.3:o:sonicwall:sonicos:5.9.0.7
-
cpe:2.3:o:sonicwall:sonicos:5.9.1.10
-
cpe:2.3:o:sonicwall:sonicos:5.9.1.12
-
cpe:2.3:o:sonicwall:sonicos:6.2.0.0
-
cpe:2.3:o:sonicwall:sonicos:6.2.0.1
-
cpe:2.3:o:sonicwall:sonicos:6.2.1.0
-
cpe:2.3:o:sonicwall:sonicos:6.2.2.0
-
cpe:2.3:o:sonicwall:sonicos:6.2.3.1
-
cpe:2.3:o:sonicwall:sonicos:6.2.4.0
-
cpe:2.3:o:sonicwall:sonicos:6.2.4.3
-
cpe:2.3:o:sonicwall:sonicos:6.2.5.0
-
cpe:2.3:o:sonicwall:sonicos:6.2.5.3
-
cpe:2.3:o:sonicwall:sonicos:6.2.6.0
-
cpe:2.3:o:sonicwall:sonicos:6.2.6.1
-
cpe:2.3:o:sonicwall:sonicos:6.2.7.0
-
cpe:2.3:o:sonicwall:sonicos:6.2.7.1
-
cpe:2.3:o:sonicwall:sonicos:6.2.7.3
-
cpe:2.3:o:sonicwall:sonicos:6.2.7.4
-
cpe:2.3:o:sonicwall:sonicos:6.2.7.7
-
cpe:2.3:o:sonicwall:sonicos:6.2.9.0
-
cpe:2.3:o:sonicwall:sonicos:6.2.9.1
-
cpe:2.3:o:sonicwall:sonicos:6.2.9.2
-
cpe:2.3:o:sonicwall:sonicos:6.5.0.0
-
cpe:2.3:o:sonicwall:sonicos:6.5.0.3
-
cpe:2.3:o:sonicwall:sonicos:6.5.1.0
-
cpe:2.3:o:sonicwall:sonicos:6.5.1.3
-
cpe:2.3:o:sonicwall:sonicos:6.5.1.4
-
cpe:2.3:o:sonicwall:sonicos:6.5.2.0
-
cpe:2.3:o:sonicwall:sonicos:6.5.2.1
-
cpe:2.3:o:sonicwall:sonicos:6.5.2.2
-
cpe:2.3:o:sonicwall:sonicos:6.5.2.3
-
cpe:2.3:o:sonicwall:sonicos:6.5.3.0
-
cpe:2.3:o:sonicwall:sonicos:6.5.3.1
-
cpe:2.3:o:sonicwall:sonicos:6.5.3.3
-
cpe:2.3:o:sonicwall:sonicos:6.5.4.0.
-
cpe:2.3:o:sonicwall:sonicos:6.5.4.3
-
cpe:2.3:o:windriver:vxworks:6.5
-
cpe:2.3:o:windriver:vxworks:6.6
-
cpe:2.3:o:windriver:vxworks:6.6.3
-
cpe:2.3:o:windriver:vxworks:6.6.4
-
cpe:2.3:o:windriver:vxworks:6.6.4.1
-
cpe:2.3:o:windriver:vxworks:6.7
-
cpe:2.3:o:windriver:vxworks:6.8
-
cpe:2.3:o:windriver:vxworks:6.8.3
-
cpe:2.3:o:windriver:vxworks:6.9
-
cpe:2.3:o:windriver:vxworks:6.9.1
-
cpe:2.3:o:windriver:vxworks:6.9.2
-
cpe:2.3:o:windriver:vxworks:6.9.3
-
cpe:2.3:o:windriver:vxworks:6.9.3.1
-
cpe:2.3:o:windriver:vxworks:6.9.4
-
cpe:2.3:o:windriver:vxworks:6.9.4.1
-
cpe:2.3:o:windriver:vxworks:6.9.4.11
-
cpe:2.3:o:windriver:vxworks:7.0