Details of VAR-201908-0715

ID

VAR-201908-0715

CVE

CVE-2019-12258

TITLE

Wind River Systems VxWorks Parameter Denial of Service Vulnerability

Trust: 0.8

sources: IVD: 447d6a09-30fb-4736-bac8-9c0272f13a81 // CNVD: CNVD-2019-25703

DESCRIPTION

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. The following products and versions are affected: Wind River Systems VxWorks Version 7, Version 6.9, Version 6.8, Version 6.7, Version 6.6. A vulnerability in Wind River VxWorks could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. A successful exploit could allow the malicious user to cause a DoS condition on the targeted system

Trust: 2.52

sources: NVD: CVE-2019-12258 // JVNDB: JVNDB-2019-007842 // CNVD: CNVD-2019-25703 // IVD: 447d6a09-30fb-4736-bac8-9c0272f13a81 // VULHUB: VHN-143986 // VULMON: CVE-2019-12258

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 447d6a09-30fb-4736-bac8-9c0272f13a81 // CNVD: CNVD-2019-25703

AFFECTED PRODUCTS

vendor:	sonicos	model:	-	scope:	eq	version:	*	Trust: 2.4
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.5.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.6.1	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.0.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	5.9.0.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.4.0.	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	8.00	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.2.7.0	Trust: 1.0
vendor:	siemens	model:	power meter 9410	scope:	lt	version:	2.2.1	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7025	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.2.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	5.9.1.0.	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7200	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.7.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.2.7.1	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.3.1	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	07.2.04	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.1.4	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.2.7.7	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	07.0.07	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.5.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	5.9.1.12	Trust: 1.0
vendor:	windriver	model:	vxworks	scope:	lt	version:	6.9.4.12	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.9.2	Trust: 1.0
vendor:	windriver	model:	vxworks	scope:	gte	version:	6.5	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.0.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.6.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.4.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.4.3	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7000	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	siemens	model:	power meter 9810	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5	scope:	lt	version:	7.59	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.7.4	Trust: 1.0
vendor:	siemens	model:	siprotec 5	scope:	lt	version:	7.91	Trust: 1.0
vendor:	belden	model:	garrettcom magnum dx940e	scope:	lte	version:	1.0.1_y7	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	8.40.50.00	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.1.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.9.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	5.9.0.7	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	07.5.01	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7018	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.3.0	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	05.3.06	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.0.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.2.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.4.0	Trust: 1.0
vendor:	windriver	model:	vxworks	scope:	eq	version:	7.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.3.3	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sonicos	scope:	-	version:	-	Trust: 0.8
vendor:	ウインドリバー株式会社	model:	vxworks	scope:	-	version:	-	Trust: 0.8
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.9	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.8	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.7	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.6	Trust: 0.6
vendor:	siprotec 5	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	vxworks	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	vxworks	model:	-	scope:	eq	version:	7	Trust: 0.2
vendor:	e series santricity os controller	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	sonicos	model:	-	scope:	eq	version:	6.2.7.0	Trust: 0.2
vendor:	sonicos	model:	-	scope:	eq	version:	6.2.7.1	Trust: 0.2
vendor:	sonicos	model:	-	scope:	eq	version:	6.2.7.7	Trust: 0.2

sources: IVD: 447d6a09-30fb-4736-bac8-9c0272f13a81 // CNVD: CNVD-2019-25703 // JVNDB: JVNDB-2019-007842 // NVD: CVE-2019-12258

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2019-12258
value:	HIGH
Trust: 1.8
CNVD:	CNVD-2019-25703
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201907-1495
value:	HIGH
Trust: 0.6
IVD:	447d6a09-30fb-4736-bac8-9c0272f13a81
value:	HIGH
Trust: 0.2
VULHUB:	VHN-143986
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-12258
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2019-12258
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9
CNVD:	CNVD-2019-25703
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	447d6a09-30fb-4736-bac8-9c0272f13a81
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-143986
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-12258
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 447d6a09-30fb-4736-bac8-9c0272f13a81 // CNVD: CNVD-2019-25703 // VULHUB: VHN-143986 // VULMON: CVE-2019-12258 // JVNDB: JVNDB-2019-007842 // NVD: CVE-2019-12258 // CNNVD: CNNVD-201907-1495

PROBLEMTYPE DATA

problemtype:	CWE-384	Trust: 1.1
problemtype:	Session immobilization (CWE-384) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-143986 // JVNDB: JVNDB-2019-007842 // NVD: CVE-2019-12258

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1495

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201907-1495

CONFIGURATIONS

sources: NVD: CVE-2019-12258

PATCH

title:	Security Notices Siemens Siemens Security Advisory	url:	https://security.netapp.com/advisory/ntap-20190802-0001/	Trust: 0.8
title:	Wind River Systems VxWorks Parameter Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchinfo/show/172949	Trust: 0.6
title:	Wind River Systems VxWorks Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95610	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2019/07/29/wind_river_patches_vxworks/	Trust: 0.2
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=1f919286ef48798d96223ef4d2143337	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2dd69ca01b84b80e09672fedb1c26f51	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=99fa839be73f2df819a67c27caa912f8	Trust: 0.1
title:	Fortinet Security Advisories: Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities (aka. URGENT/11)	url:	https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=fg-ir-19-222	Trust: 0.1
title:	urgent11-detector	url:	https://github.com/armissecurity/urgent11-detector	Trust: 0.1
title:	Urgent11-Suricata-LUA-scripts	url:	https://github.com/sud0woodo/urgent11-suricata-lua-scripts	Trust: 0.1

sources: CNVD: CNVD-2019-25703 // VULMON: CVE-2019-12258 // JVNDB: JVNDB-2019-007842 // CNNVD: CNNVD-201907-1495

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12258	Trust: 4.2
db:	SIEMENS	id:	SSA-352504	Trust: 1.8
db:	SIEMENS	id:	SSA-189842	Trust: 1.8
db:	SIEMENS	id:	SSA-632562	Trust: 1.8
db:	ICS CERT	id:	ICSA-19-274-01	Trust: 1.4
db:	ICS CERT	id:	ICSA-19-211-01	Trust: 1.4
db:	ICS CERT	id:	ICSMA-19-274-01	Trust: 1.4
db:	CNNVD	id:	CNNVD-201907-1495	Trust: 0.9
db:	ICS CERT	id:	ICSA-23-320-10	Trust: 0.9
db:	CNVD	id:	CNVD-2019-25703	Trust: 0.8
db:	JVN	id:	JVNVU92598492	Trust: 0.8
db:	JVN	id:	JVNVU92467308	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-007842	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.3695.5	Trust: 0.6
db:	AUSCERT	id:	ASB-2019.0224	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3245	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2856	Trust: 0.6
db:	IVD	id:	447D6A09-30FB-4736-BAC8-9C0272F13A81	Trust: 0.2
db:	VULHUB	id:	VHN-143986	Trust: 0.1
db:	VULMON	id:	CVE-2019-12258	Trust: 0.1

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-12258	Trust: 2.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf	Trust: 1.8
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0009	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190802-0001/	Trust: 1.8
url:	https://support.f5.com/csp/article/k41190253	Trust: 1.8
url:	https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/	Trust: 1.8
url:	https://support2.windriver.com/index.php?page=security-notices	Trust: 1.8
url:	https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12258	Trust: 1.7
url:	https://www.us-cert.gov/ics/advisories/icsa-19-274-01	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsma-19-274-01	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsa-19-211-01	Trust: 1.4
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-10	Trust: 0.9
url:	https://jvn.jp/vu/jvnvu92467308/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92598492/	Trust: 0.8
url:	https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf	Trust: 0.6
url:	https://www.tenable.com/blog/critical-vulnerabilities-dubbed-urgent11-place-devices-running-vxworks-at-risk-of-rce-attacks	Trust: 0.6
url:	https://fortiguard.com/psirt/fg-ir-19-222	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3695.5/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2856/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/wind-river-vxworks-multiple-vulnerabilities-via-ipnet-29905	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/asb-2019.0224/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3245/	Trust: 0.6
url:	https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12258	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/384.html	Trust: 0.1
url:	https://github.com/armissecurity/urgent11-detector	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=60685	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-25703 // VULHUB: VHN-143986 // VULMON: CVE-2019-12258 // JVNDB: JVNDB-2019-007842 // NVD: CVE-2019-12258 // CNNVD: CNNVD-201907-1495

SOURCES

db:	IVD	id:	447d6a09-30fb-4736-bac8-9c0272f13a81
db:	CNVD	id:	CNVD-2019-25703
db:	VULHUB	id:	VHN-143986
db:	VULMON	id:	CVE-2019-12258
db:	JVNDB	id:	JVNDB-2019-007842
db:	NVD	id:	CVE-2019-12258
db:	CNNVD	id:	CNNVD-201907-1495

LAST UPDATE DATE

2023-12-18T11:44:58.441000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-25703	date:	2019-08-02T00:00:00
db:	VULHUB	id:	VHN-143986	date:	2019-09-10T00:00:00
db:	VULMON	id:	CVE-2019-12258	date:	2022-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-007842	date:	2023-11-21T01:13:00
db:	NVD	id:	CVE-2019-12258	date:	2022-08-12T18:44:39.313
db:	CNNVD	id:	CNNVD-201907-1495	date:	2022-03-10T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	447d6a09-30fb-4736-bac8-9c0272f13a81	date:	2019-08-02T00:00:00
db:	CNVD	id:	CNVD-2019-25703	date:	2019-08-02T00:00:00
db:	VULHUB	id:	VHN-143986	date:	2019-08-09T00:00:00
db:	VULMON	id:	CVE-2019-12258	date:	2019-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-007842	date:	2019-08-21T00:00:00
db:	NVD	id:	CVE-2019-12258	date:	2019-08-09T20:15:11.410
db:	CNNVD	id:	CNNVD-201907-1495	date:	2019-07-29T00:00:00