CVE-2019-12265

EPSS 4.59%
Published 09.08.2019 19:15:11
Last modified 21.11.2024 04:22:31
Source cve@mitre.org
Teams watchlist Login
Open Login

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Windriver ≫ Vxworks Version >= 6.5 < 6.9.4.12

Windriver ≫ Vxworks Version7.0 Update-

Sonicwall ≫ Sonicos Version >= 5.9.0.0 <= 5.9.0.7

Sonicwall ≫ Sonicos Version >= 5.9.1.0. <= 5.9.1.12

Sonicwall ≫ Sonicos Version >= 6.2.0.0 <= 6.2.3.1

Sonicwall ≫ Sonicos Version >= 6.2.4.0 <= 6.2.4.3

Sonicwall ≫ Sonicos Version >= 6.2.5.0 <= 6.2.5.3

Sonicwall ≫ Sonicos Version >= 6.2.6.0 <= 6.2.6.1

Sonicwall ≫ Sonicos Version >= 6.2.7.0 <= 6.2.7.4

Sonicwall ≫ Sonicos Version >= 6.2.9.0 <= 6.2.9.2

Sonicwall ≫ Sonicos Version >= 6.5.0.0 <= 6.5.0.3

Sonicwall ≫ Sonicos Version >= 6.5.1.0 <= 6.5.1.4

Sonicwall ≫ Sonicos Version >= 6.5.2.0 <= 6.5.2.3

Sonicwall ≫ Sonicos Version >= 6.5.3.0 <= 6.5.3.3

Sonicwall ≫ Sonicos Version >= 6.5.4.0. <= 6.5.4.3

Sonicwall ≫ Sonicos Version6.2.7.0

Sonicwall ≫ Sonicos Version6.2.7.1

Sonicwall ≫ Sonicos Version6.2.7.7

Siemens ≫ Siprotec 5 Firmware Version < 7.91

Siemens ≫ Siprotec 5 Version-

Siemens ≫ Siprotec 5 Firmware Version < 7.59

Siemens ≫ Siprotec 5 Version-

Siemens ≫ Siprotec 5 Firmware Version < 7.91

Siemens ≫ Siprotec 5 Version-

Netapp ≫ E-series Santricity Os Controller Version >= 8.00 <= 8.40.50.00

Siemens ≫ Power Meter 9410 Firmware Version < 2.2.1

Siemens ≫ Power Meter 9410 Version-

Siemens ≫ Power Meter 9810 Firmware

Siemens ≫ Power Meter 9810 Version-

Siemens ≫ Ruggedcom Win7000 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7000 Version-

Siemens ≫ Ruggedcom Win7018 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7018 Version-

Siemens ≫ Ruggedcom Win7025 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7025 Version-

Siemens ≫ Ruggedcom Win7200 Firmware Version < bs5.2.461.17

Siemens ≫ Ruggedcom Win7200 Version-

Belden ≫ Hirschmann Hios Version <= 07.0.07

Belden ≫ Hirschmann Hios Version <= 07.5.01

Belden ≫ Hirschmann Msp40 Version-
Belden ≫ Hirschmann Octopus Os3 Version-

Belden ≫ Hirschmann Hios Version <= 07.2.04

Belden ≫ Hirschmann Dragon Mach4000 Version-
Belden ≫ Hirschmann Dragon Mach4500 Version-

Belden ≫ Hirschmann Hios Version <= 05.3.06

   Belden ≫ Hirschmann Eagle One Version-
   Belden ≫ Hirschmann Eagle20 Version-
   Belden ≫ Hirschmann Eagle30 Version-

Belden ≫ Garrettcom Magnum Dx940e Firmware Version <= 1.0.1_y7

Belden ≫ Garrettcom Magnum Dx940e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.59%	0.888

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://support2.windriver.com/index.php?page=security-notices

Vendor Advisory

Issue Tracking

https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Third Party Advisory

https://support.f5.com/csp/article/K41190253

Third Party Advisory

https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Vendor Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190802-0001/

Third Party Advisory

https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12265

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12265

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12265

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12265

EUVD