5.3

CVE-2019-12265

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WindriverVxworks Version >= 6.5 < 6.9.4.12
WindriverVxworks Version7.0 Update-
SonicwallSonicos Version >= 5.9.0.0 <= 5.9.0.7
SonicwallSonicos Version >= 5.9.1.0. <= 5.9.1.12
SonicwallSonicos Version >= 6.2.0.0 <= 6.2.3.1
SonicwallSonicos Version >= 6.2.4.0 <= 6.2.4.3
SonicwallSonicos Version >= 6.2.5.0 <= 6.2.5.3
SonicwallSonicos Version >= 6.2.6.0 <= 6.2.6.1
SonicwallSonicos Version >= 6.2.7.0 <= 6.2.7.4
SonicwallSonicos Version >= 6.2.9.0 <= 6.2.9.2
SonicwallSonicos Version >= 6.5.0.0 <= 6.5.0.3
SonicwallSonicos Version >= 6.5.1.0 <= 6.5.1.4
SonicwallSonicos Version >= 6.5.2.0 <= 6.5.2.3
SonicwallSonicos Version >= 6.5.3.0 <= 6.5.3.3
SonicwallSonicos Version >= 6.5.4.0. <= 6.5.4.3
SonicwallSonicos Version6.2.7.0
SonicwallSonicos Version6.2.7.1
SonicwallSonicos Version6.2.7.7
SiemensSiprotec 5 Firmware Version < 7.91
   SiemensSiprotec 5 Version-
SiemensSiprotec 5 Firmware Version < 7.59
   SiemensSiprotec 5 Version-
SiemensSiprotec 5 Firmware Version < 7.91
   SiemensSiprotec 5 Version-
NetappE-series Santricity Os Controller Version >= 8.00 <= 8.40.50.00
SiemensPower Meter 9410 Firmware Version < 2.2.1
   SiemensPower Meter 9410 Version-
SiemensRuggedcom Win7000 Firmware Version < bs5.2.461.17
   SiemensRuggedcom Win7000 Version-
SiemensRuggedcom Win7018 Firmware Version < bs5.2.461.17
   SiemensRuggedcom Win7018 Version-
SiemensRuggedcom Win7025 Firmware Version < bs5.2.461.17
   SiemensRuggedcom Win7025 Version-
SiemensRuggedcom Win7200 Firmware Version < bs5.2.461.17
   SiemensRuggedcom Win7200 Version-
BeldenHirschmann Hios Version <= 07.0.07
   BeldenHirschmann Ees20 Version-
   BeldenHirschmann Ees25 Version-
   BeldenHirschmann Eesx20 Version-
   BeldenHirschmann Eesx30 Version-
   BeldenHirschmann Grs1020 Version-
   BeldenHirschmann Grs1030 Version-
   BeldenHirschmann Grs1042 Version-
   BeldenHirschmann Grs1120 Version-
   BeldenHirschmann Grs1130 Version-
   BeldenHirschmann Grs1142 Version-
   BeldenHirschmann Msp30 Version-
   BeldenHirschmann Msp32 Version-
   BeldenHirschmann Rail Switch Power Lite Version-
   BeldenHirschmann Rail Switch Power Smart Version-
   BeldenHirschmann Red25 Version-
   BeldenHirschmann Rsp20 Version-
   BeldenHirschmann Rsp25 Version-
   BeldenHirschmann Rsp30 Version-
   BeldenHirschmann Rsp35 Version-
   BeldenHirschmann Rspe30 Version-
   BeldenHirschmann Rspe32 Version-
   BeldenHirschmann Rspe35 Version-
   BeldenHirschmann Rspe37 Version-
BeldenHirschmann Hios Version <= 07.5.01
   BeldenHirschmann Msp40 Version-
   BeldenHirschmann Octopus Os3 Version-
BeldenHirschmann Hios Version <= 07.2.04
BeldenHirschmann Hios Version <= 05.3.06
   BeldenHirschmann Eagle One Version-
   BeldenHirschmann Eagle20 Version-
   BeldenHirschmann Eagle30 Version-
BeldenGarrettcom Magnum Dx940e Firmware Version <= 1.0.1_y7
   BeldenGarrettcom Magnum Dx940e Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 55.27% 0.989
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://support2.windriver.com/index.php?page=security-notices
Vendor Advisory
Issue Tracking
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
Third Party Advisory
https://support.f5.com/csp/article/K41190253
Third Party Advisory
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
Vendor Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190802-0001/
Third Party Advisory
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12265
Vendor Advisory