CVE-2019-12258:

Session fixation vulnerability in Wind River VxWorks IPNET TCP stack (CVE-2019-12258) that can cause denial of service of TCP connections via malformed TCP options on VxWorks 6.6–vx7.

Score
A numerical rating that indicates how dangerous this vulnerability is.

7.5High

Published Date:Aug 9, 2019
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:11.6
EPSS Percentile:94%

Exploitability

Score:3.9
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:3.6
Confidentiality Impact:NONE
Integrity Impact:NONE
Availability Impact:HIGH

Description Preview

Session fixation vulnerability in Wind River VxWorks IPNET TCP stack (CVE-2019-12258) that can cause denial of service of TCP connections via malformed TCP options on VxWorks 6.6–vx7.

Overview

Wind River VxWorks 6.6 through vx7 expose a session fixation vulnerability in the IPNET TCP stack that can be exploited to disrupt TCP connectivity by exploiting malformed TCP options, resulting in DoS conditions on affected devices. The vulnerability is cataloged as CVE-2019-12258 and has been addressed in vendor security advisories.

Remediation

Identify affected devices running Wind River VxWorks 6.6 to vx7 and review Wind River security advisories (IPNET and CVE-2019-12258) for the recommended patch or upgrade path.
Apply the vendor-provided fix: upgrade or patch the IPNET TCP stack as per Wind River’s security notices (refer to urgent11 guidance and related advisories) to mitigate CVE-2019-12258.
If a direct patch/upgrade cannot be applied, implement network-level mitigations at the edge (firewall/IPS) to filter or limit malformed TCP options and reduce exposure to untrusted networks.
Enable monitoring and logging for anomalous TCP option patterns and DoS indicators, and verify patch installation with vendor guidance.
After remediation, test TCP connectivity to ensure the DoS condition can no longer be triggered and that normal traffic flows are unaffected.