CVE-2019-12255:

Overview

Remediation

• Identify affected systems running Wind River VxWorks IPNET TCP/IP stack and confirm the presence of the vulnerability (CVE-2019-12255).
• Apply the latest official patch or upgrade to a version of VxWorks IPNET that includes the fix for CVE-2019-12255, per Wind River advisories.
• If a patch is not available for your platform, implement compensating controls:
• Restrict TCP/IP exposure by deploying network segmentation and restricting access to vulnerable devices with firewalls or ACLs.
• Place affected devices behind intrusion detection/prevention systems and monitor for exploit attempts related to this vector.
• Limit unnecessary TCP/IP services and external reachability where feasible.
• Validate the fix in a test environment before production deployment and document the patch level.
• Continuously monitor for new advisories or additional IPNET issues and apply updates as they are released.

References

• - Wind River Security Notices: https://support2.windriver.com/index.php?page=security-notices
• - SonicWall PSIRT vulnerability detail SNWLID-2019-0009: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
• - Siemens SSA-632562.pdf: https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
• - NetApp advisory NTAP-20190802-0001: https://security.netapp.com/advisory/ntap-20190802-0001/
• - Wind River IPNET urgent11 security announcement: https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
• - Wind River CVE view for CVE-2019-12255: https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12255
• - PacketStorm: VxWorks-6.8-Integer-Underflow.html: http://packetstormsecurity.com/files/154022/VxWorks-6.8-Integer-Underflow.html
• - F5 support article K41190253: https://support.f5.com/csp/article/K41190253
• - Siemens SSA-189842.pdf: https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
• - Siemens SSA-352504.pdf: https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf