CVE-2019-12260

EPSS 21.05%
Published 09.08.2019 21:15:11
Last modified 21.11.2024 04:22:30
Source cve@mitre.org
Teams watchlist Login
Open Login

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

Affected products Warnungen 0 Metrics 3 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Windriver ≫ Vxworks Version >= 6.5 < 6.9.4.12

Windriver ≫ Vxworks Version7.0 Update-

Sonicwall ≫ Sonicos Version >= 5.9.0.0 <= 5.9.0.7

Sonicwall ≫ Sonicos Version >= 5.9.1.0. <= 5.9.1.12

Sonicwall ≫ Sonicos Version >= 6.2.0.0 <= 6.2.3.1

Sonicwall ≫ Sonicos Version >= 6.2.4.0 <= 6.2.4.3

Sonicwall ≫ Sonicos Version >= 6.2.5.0 <= 6.2.5.3

Sonicwall ≫ Sonicos Version >= 6.2.6.0 <= 6.2.6.1

Sonicwall ≫ Sonicos Version >= 6.2.7.0 <= 6.2.7.4

Sonicwall ≫ Sonicos Version >= 6.2.9.0 <= 6.2.9.2

Sonicwall ≫ Sonicos Version >= 6.5.0.0 <= 6.5.0.3

Sonicwall ≫ Sonicos Version >= 6.5.1.0 <= 6.5.1.4

Sonicwall ≫ Sonicos Version >= 6.5.2.0 <= 6.5.2.3

Sonicwall ≫ Sonicos Version >= 6.5.3.0 <= 6.5.3.3

Sonicwall ≫ Sonicos Version >= 6.5.4.0. <= 6.5.4.3

Sonicwall ≫ Sonicos Version6.2.7.0

Sonicwall ≫ Sonicos Version6.2.7.1

Sonicwall ≫ Sonicos Version6.2.7.7

Siemens ≫ Siprotec 5 Firmware Version < 7.59

Siemens ≫ Siprotec 5 Version-

Netapp ≫ E-series Santricity Os Controller Version >= 8.00 <= 8.40.50.00

Siemens ≫ Siprotec 5 Firmware Version < 7.91

Siemens ≫ Siprotec 5 Version-

Siemens ≫ Power Meter 9410 Firmware Version < 2.2.1

Siemens ≫ Power Meter 9410 Version-

Siemens ≫ Power Meter 9810 Firmware

Siemens ≫ Power Meter 9810 Version-

Siemens ≫ Ruggedcom Win7000 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7000 Version-

Siemens ≫ Ruggedcom Win7018 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7018 Version-

Siemens ≫ Ruggedcom Win7025 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7025 Version-

Siemens ≫ Ruggedcom Win7200 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7200 Version-

Oracle ≫ Communications Eagle Version >= 46.6.0 <= 46.8.2

Belden ≫ Hirschmann Hios Version <= 07.0.07

Belden ≫ Hirschmann Hios Version <= 07.5.01

Belden ≫ Hirschmann Msp40 Version-
Belden ≫ Hirschmann Octopus Os3 Version-

Belden ≫ Hirschmann Hios Version <= 07.2.04

Belden ≫ Hirschmann Dragon Mach4000 Version-
Belden ≫ Hirschmann Dragon Mach4500 Version-

Belden ≫ Hirschmann Hios Version <= 05.3.06

   Belden ≫ Hirschmann Eagle One Version-
   Belden ≫ Hirschmann Eagle20 Version-
   Belden ≫ Hirschmann Eagle30 Version-

Belden ≫ Garrettcom Magnum Dx940e Firmware Version <= 1.0.1_y7

Belden ≫ Garrettcom Magnum Dx940e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	21.05%	0.955

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.oracle.com//security-alerts/cpujul2021.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Third Party Advisory

https://support2.windriver.com/index.php?page=security-notices

Vendor Advisory

Issue Tracking

https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf