CVE-2019-12257 : Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client comp

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

Published 2019-08-09 18:15:11

Updated 2022-08-16 12:59:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2019-12257

Windriver » Vxworks
Versions from including (>=) 6.5 and before (<) 6.9.4
cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*
Matching versions
Siemens » Siprotec 5 Firmware cp200
Versions before (<) 7.59
cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp200
Matching versions
When used together with: Siemens » Siprotec 5 » Version: N/A
Siemens » Siprotec 5 Firmware cp300
Versions before (<) 7.91
cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp300
Matching versions
When used together with: Siemens » Siprotec 5 » Version: N/A
Siemens » Ruggedcom Win7000 Firmware
Versions before (<) bs5.2.461.17
cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Win7000 » Version: N/A
Siemens » Ruggedcom Win7200 Firmware
Versions before (<) bs5.2.461.17
cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Win7200 » Version: N/A
Siemens » Ruggedcom Win7025 Firmware
Versions before (<) bs5.2.461.17
cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Win7025 » Version: N/A
Siemens » Ruggedcom Win7018 Firmware
Versions before (<) bs5.2.461.17
cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ruggedcom Win7018 » Version: N/A
Sonicwall » Sonicos
Versions from including (>=) 6.2.9.0 and up to, including, (<=) 6.2.9.2
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 5.9.0.0 and up to, including, (<=) 5.9.0.7
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 6.5.4.0. and up to, including, (<=) 6.5.4.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 6.5.0.0 and up to, including, (<=) 6.5.0.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 6.2.4.0 and up to, including, (<=) 6.2.4.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 6.2.5.0 and up to, including, (<=) 6.2.5.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 6.5.3.0 and up to, including, (<=) 6.5.3.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 6.2.7.0 and up to, including, (<=) 6.2.7.4
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 6.2.0.0 and up to, including, (<=) 6.2.3.1
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 6.5.1.0 and up to, including, (<=) 6.5.1.4
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 6.2.6.0 and up to, including, (<=) 6.2.6.1
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 6.5.2.0 and up to, including, (<=) 6.5.2.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos
Versions from including (>=) 5.9.1.0. and up to, including, (<=) 5.9.1.12
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos » Version: 6.2.7.0
cpe:2.3:o:sonicwall:sonicos:6.2.7.0:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos » Version: 6.2.7.1
cpe:2.3:o:sonicwall:sonicos:6.2.7.1:*:*:*:*:*:*:*
Matching versions
Sonicwall » Sonicos » Version: 6.2.7.7
cpe:2.3:o:sonicwall:sonicos:6.2.7.7:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 8.00 and up to, including, (<=) 8.40.50.00
cpe:2.3:o:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Belden » Hirschmann Hios
Versions up to, including, (<=) 07.2.04
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Belden » Hirschmann Dragon Mach4000 » Version: N/A
When used together with: Belden » Hirschmann Dragon Mach4500 » Version: N/A
Belden » Hirschmann Hios
Versions up to, including, (<=) 07.5.01
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Belden » Hirschmann Msp40 » Version: N/A
When used together with: Belden » Hirschmann Octopus Os3 » Version: N/A
Belden » Hirschmann Hios
Versions up to, including, (<=) 05.3.06
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Belden » Hirschmann Eagle One » Version: N/A
When used together with: Belden » Hirschmann Eagle20 » Version: N/A
When used together with: Belden » Hirschmann Eagle30 » Version: N/A
Belden » Hirschmann Hios
Versions up to, including, (<=) 07.0.07
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
Matching versions
When used together with: Belden » Hirschmann Ees20 » Version: N/A
When used together with: Belden » Hirschmann Ees25 » Version: N/A
When used together with: Belden » Hirschmann Eesx20 » Version: N/A
When used together with: Belden » Hirschmann Eesx30 » Version: N/A
When used together with: Belden » Hirschmann Grs1020 » Version: N/A
When used together with: Belden » Hirschmann Grs1030 » Version: N/A
When used together with: Belden » Hirschmann Grs1042 » Version: N/A
When used together with: Belden » Hirschmann Grs1120 » Version: N/A
When used together with: Belden » Hirschmann Grs1130 » Version: N/A
When used together with: Belden » Hirschmann Grs1142 » Version: N/A
When used together with: Belden » Hirschmann Msp30 » Version: N/A
When used together with: Belden » Hirschmann Msp32 » Version: N/A
When used together with: Belden » Hirschmann Rail Switch Power Lite » Version: N/A
When used together with: Belden » Hirschmann Rail Switch Power Smart » Version: N/A
When used together with: Belden » Hirschmann Red25 » Version: N/A
When used together with: Belden » Hirschmann Rsp20 » Version: N/A
When used together with: Belden » Hirschmann Rsp25 » Version: N/A
When used together with: Belden » Hirschmann Rsp30 » Version: N/A
When used together with: Belden » Hirschmann Rsp35 » Version: N/A
When used together with: Belden » Hirschmann Rspe30 » Version: N/A
When used together with: Belden » Hirschmann Rspe32 » Version: N/A
When used together with: Belden » Hirschmann Rspe35 » Version: N/A
When used together with: Belden » Hirschmann Rspe37 » Version: N/A
Belden » Garrettcom Magnum Dx940e Firmware
Versions up to, including, (<=) 1.0.1_y7
cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Belden » Garrettcom Magnum Dx940e » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-12257

EPSS FAQ

17.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-12257

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:P	6.5	6.4	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-12257

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-12257

https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Third Party Advisory

CVEs referencing this url
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12257

CVE-2019-12257 - Wind River Support Network
Vendor Advisory
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

SECURITY VULNERABILITY RESPONSE INFORMATION - TCP/IP Network Stack (IPnet, Urgent/11)
Vendor Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20190802-0001/

August 2019 VxWorks TCP/IP Stack (IPNET) Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Third Party Advisory

CVEs referencing this url
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

SonicWall Security Advisory
Third Party Advisory

CVEs referencing this url
https://support2.windriver.com/index.php?page=security-notices

Security Notice - Wind River Support Network
Issue Tracking;Vendor Advisory

CVEs referencing this url
https://support.f5.com/csp/article/K41190253

Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-12257

Products affected by CVE-2019-12257

Exploit prediction scoring system (EPSS) score for CVE-2019-12257

CVSS scores for CVE-2019-12257

CWE ids for CVE-2019-12257

References for CVE-2019-12257