CVE-2019-12261:
Buffer overflow in Wind River VxWorks TCP/IP IPNET stack due to TCP Urgent Pointer state confusion during connect() to a remote host; affects VxWorks 6.7–6.9 and vx7.
Score
9.8 Critical
- Published Date: Aug 9, 2019
- CISA KEV Date: *No Data*
- Industries Affected: 20
Threat Predictions
- EPSS Score: 22.5
- EPSS Percentile: 96%
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
This CVE describes a buffer overflow in the IPNET TCP stack of Wind River VxWorks (versions 6.7–6.9 and vx7) stemming from TCP Urgent Pointer state confusion during connect() to a remote host. As an IPNET TCP vulnerability, it can potentially be exploited remotely to disrupt or compromise affected systems. The issue has been referenced in multiple security advisories from vendors and organizations, underscoring the need for applying the appropriate patch or upgrade to a fixed version and implementing compensating controls where necessary.
Remediation
- Apply the official Wind River fix: upgrade to a patched VxWorks release or apply the vendor-provided security hotfix addressing CVE-2019-12261. Check Wind River advisories and the specific page on IPNET urgent pointer vulnerabilities for the exact patched version (e.g., the “tcp-ip-network-stack-ipnet-urgent11” advisory page and related CVE notices).
- If upgrading is not feasible in the short term: implement compensating controls to limit exposure, such as:
  - Restricting remote TCP connect access to affected devices via network segmentation and firewall ACLs.
  - Isolating vulnerable systems from untrusted networks and limiting lateral movement.
  - Enabling intrusion detection/monitoring for anomalous TCP Urgent Pointer usage or connect() attempts targeting the IPNET stack.
- Validate remediation:
  - Confirm the patched version is running on affected devices.
  - Run vulnerability scans or vendor-provided checks to verify the fix is in place.
  - Monitor for indicators of compromise or exploit attempts related to this CVE.
- Documentation and risk review:
  - Update asset inventories to reflect patched status.
  - Reassess exposure and update risk assessments accordingly.
References
- [Oracle CPU Oct 2020 Security Alerts](https://www.oracle.com/security-alerts/cpuoct2020.html)
- [Wind River Security Notices](https://support2.windriver.com/index.php?page=security-notices)
- [SonicWall PSIRT SNWLID-2019-0009](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009)
- [Siemens SSA-632562.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf)
- [NetApp Advisory NTAP-20190802-0001](https://security.netapp.com/advisory/ntap-20190802-0001/)
- [Wind River IPNET Urgent11 Announcement](https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/)
- [F5 Support Article K41190253](https://support.f5.com/csp/article/K41190253)
- [Siemens SSA-189842.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf)
- [Siemens SSA-352504.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf)
- [Wind River CVE page (view id)](https://support2.windriver.com/index.php?page=view&id=CVE-2019-12261)
- [Wind River CVE Detail (on view id)](https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12261)
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.