Vulnerability Details : CVE-2019-12264
Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.
Products affected by CVE-2019-12264
- cpe:2.3:o:windriver:vxworks:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:6.7:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:6.8:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:6.9.4:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:6.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
- cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
- cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
- cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
- cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-12264
0.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-12264
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.8
|
MEDIUM | AV:A/AC:L/Au:N/C:N/I:P/A:P |
6.5
|
4.9
|
NIST | |
7.1
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
2.8
|
4.2
|
NIST |
CWE ids for CVE-2019-12264
-
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-12264
-
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12264
CVE-2019-12264 - Wind River Support NetworkVendor Advisory
-
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
SECURITY VULNERABILITY RESPONSE INFORMATION - TCP/IP Network Stack (IPnet, Urgent/11)Vendor Advisory
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us
HPESBHF03960 rev.1 - HPE Lights Out 100 (LO100) Remote Management for ProLiant G1 - G6 servers, Remote Denial of ServiceThird Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
Third Party Advisory
-
https://support.f5.com/csp/article/K41190253
Third Party Advisory
Jump to