CVE-2019-12257

EPSS 15.36%
Veröffentlicht 09.08.2019 18:15:11
Zuletzt bearbeitet 21.11.2024 04:22:30
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Windriver ≫ Vxworks Version >= 6.5 < 6.9.4

Sonicwall ≫ Sonicos Version >= 5.9.0.0 <= 5.9.0.7

Sonicwall ≫ Sonicos Version >= 5.9.1.0. <= 5.9.1.12

Sonicwall ≫ Sonicos Version >= 6.2.0.0 <= 6.2.3.1

Sonicwall ≫ Sonicos Version >= 6.2.4.0 <= 6.2.4.3

Sonicwall ≫ Sonicos Version >= 6.2.5.0 <= 6.2.5.3

Sonicwall ≫ Sonicos Version >= 6.2.6.0 <= 6.2.6.1

Sonicwall ≫ Sonicos Version >= 6.2.7.0 <= 6.2.7.4

Sonicwall ≫ Sonicos Version >= 6.2.9.0 <= 6.2.9.2

Sonicwall ≫ Sonicos Version >= 6.5.0.0 <= 6.5.0.3

Sonicwall ≫ Sonicos Version >= 6.5.1.0 <= 6.5.1.4

Sonicwall ≫ Sonicos Version >= 6.5.2.0 <= 6.5.2.3

Sonicwall ≫ Sonicos Version >= 6.5.3.0 <= 6.5.3.3

Sonicwall ≫ Sonicos Version >= 6.5.4.0. <= 6.5.4.3

Sonicwall ≫ Sonicos Version6.2.7.0

Sonicwall ≫ Sonicos Version6.2.7.1

Sonicwall ≫ Sonicos Version6.2.7.7

Siemens ≫ Siprotec 5 Firmware Version < 7.59

Siemens ≫ Siprotec 5 Version-

Netapp ≫ E-series Santricity Os Controller Version >= 8.00 <= 8.40.50.00

Siemens ≫ Siprotec 5 Firmware Version < 7.91

Siemens ≫ Siprotec 5 Version-

Siemens ≫ Ruggedcom Win7000 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7000 Version-

Siemens ≫ Ruggedcom Win7018 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7018 Version-

Siemens ≫ Ruggedcom Win7025 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7025 Version-

Siemens ≫ Ruggedcom Win7200 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7200 Version-

Belden ≫ Hirschmann Hios Version <= 07.0.07

Belden ≫ Hirschmann Hios Version <= 07.5.01

Belden ≫ Hirschmann Msp40 Version-
Belden ≫ Hirschmann Octopus Os3 Version-

Belden ≫ Hirschmann Hios Version <= 07.2.04

Belden ≫ Hirschmann Dragon Mach4000 Version-
Belden ≫ Hirschmann Dragon Mach4500 Version-

Belden ≫ Hirschmann Hios Version <= 05.3.06

   Belden ≫ Hirschmann Eagle One Version-
   Belden ≫ Hirschmann Eagle20 Version-
   Belden ≫ Hirschmann Eagle30 Version-

Belden ≫ Garrettcom Magnum Dx940e Firmware Version <= 1.0.1_y7

Belden ≫ Garrettcom Magnum Dx940e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.36%	0.944

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://support2.windriver.com/index.php?page=security-notices

Vendor Advisory

Issue Tracking

https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Third Party Advisory

https://support.f5.com/csp/article/K41190253

Third Party Advisory

https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Vendor Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009