CVE-2019-12258

EPSS 14.88%
Veröffentlicht 09.08.2019 20:15:11
Zuletzt bearbeitet 21.11.2024 04:22:30
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Windriver ≫ Vxworks Version >= 6.5 < 6.9.4.12

Windriver ≫ Vxworks Version7.0 Update-

Sonicwall ≫ Sonicos Version >= 5.9.0.0 <= 5.9.0.7

Sonicwall ≫ Sonicos Version >= 5.9.1.0. <= 5.9.1.12

Sonicwall ≫ Sonicos Version >= 6.2.0.0 <= 6.2.3.1

Sonicwall ≫ Sonicos Version >= 6.2.4.0 <= 6.2.4.3

Sonicwall ≫ Sonicos Version >= 6.2.5.0 <= 6.2.5.3

Sonicwall ≫ Sonicos Version >= 6.2.6.0 <= 6.2.6.1

Sonicwall ≫ Sonicos Version >= 6.2.7.0 <= 6.2.7.4

Sonicwall ≫ Sonicos Version >= 6.2.9.0 <= 6.2.9.2

Sonicwall ≫ Sonicos Version >= 6.5.0.0 <= 6.5.0.3

Sonicwall ≫ Sonicos Version >= 6.5.1.0 <= 6.5.1.4

Sonicwall ≫ Sonicos Version >= 6.5.2.0 <= 6.5.2.3

Sonicwall ≫ Sonicos Version >= 6.5.3.0 <= 6.5.3.3

Sonicwall ≫ Sonicos Version >= 6.5.4.0. <= 6.5.4.3

Sonicwall ≫ Sonicos Version6.2.7.0

Sonicwall ≫ Sonicos Version6.2.7.1

Sonicwall ≫ Sonicos Version6.2.7.7

Siemens ≫ Siprotec 5 Firmware Version < 7.59

Siemens ≫ Siprotec 5 Version-

Netapp ≫ E-series Santricity Os Controller Version >= 8.00 <= 8.40.50.00

Siemens ≫ Siprotec 5 Firmware Version < 7.91

Siemens ≫ Siprotec 5 Version-

Siemens ≫ Power Meter 9410 Firmware Version < 2.2.1

Siemens ≫ Power Meter 9410 Version-

Siemens ≫ Power Meter 9810 Firmware

Siemens ≫ Power Meter 9810 Version-

Siemens ≫ Ruggedcom Win7000 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7000 Version-

Siemens ≫ Ruggedcom Win7018 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7018 Version-

Siemens ≫ Ruggedcom Win7025 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7025 Version-

Siemens ≫ Ruggedcom Win7200 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7200 Version-

Belden ≫ Hirschmann Hios Version <= 07.0.07

Belden ≫ Hirschmann Hios Version <= 07.5.01

Belden ≫ Hirschmann Msp40 Version-
Belden ≫ Hirschmann Octopus Os3 Version-

Belden ≫ Hirschmann Hios Version <= 07.2.04

Belden ≫ Hirschmann Dragon Mach4000 Version-
Belden ≫ Hirschmann Dragon Mach4500 Version-

Belden ≫ Hirschmann Hios Version <= 05.3.06

   Belden ≫ Hirschmann Eagle One Version-
   Belden ≫ Hirschmann Eagle20 Version-
   Belden ≫ Hirschmann Eagle30 Version-

Belden ≫ Garrettcom Magnum Dx940e Firmware Version <= 1.0.1_y7

Belden ≫ Garrettcom Magnum Dx940e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.88%	0.943

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://support2.windriver.com/index.php?page=security-notices

Vendor Advisory

Issue Tracking

https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Third Party Advisory

https://support.f5.com/csp/article/K41190253

Third Party Advisory

https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/