CVE-2019-12260:

Overview

Remediation

• Apply the vendor-provided patch or upgrade to a fixed release for Wind River VxWorks 6.9/vx7 as specified in Wind River security advisories. Check the Wind River support portal for the exact patched versions addressing CVE-2019-12260.
• If a patch is not immediately available, implement vendor-recommended mitigations: restrict exposure of the affected TCP/IP stack through network segmentation and firewall rules, and apply any configuration changes or workarounds documented by Wind River in their security notices.
• Validate remediation in a controlled environment before deploying to production, and maintain evidence of patch levels and tested configurations.
• Monitor for further advisories and confirm that all affected devices are tracked in your vulnerability management program.

References

• - [Oracle CPU Oct 2020 security alerts](https://www.oracle.com/security-alerts/cpuoct2020.html)
• - [Wind River security notices](https://support2.windriver.com/index.php?page=security-notices)
• - [SonicWall vulnerability details SNWLID-2019-0009](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009)
• - [Siemens SSA-632562 PDF](https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf)
• - [NetApp NTAP-20190802-0001 advisory](https://security.netapp.com/advisory/ntap-20190802-0001/)
• - [Wind River IPNet Urgent11 announcement](https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/)
• - [Wind River CVE-2019-12260 view page](https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260)
• - [F5 K41190253 advisory](https://support.f5.com/csp/article/K41190253)
• - [Siemens SSA-189842 PDF](https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf)
• - [Siemens SSA-352504 PDF](https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf)
• - [Oracle CPU July 2021 security alerts](https://www.oracle.com//security-alerts/cpujul2021.html)