CVE-2019-12258

HIGH · EPSS 97.5%
7.5 CVSS 3.1 (High)
Published Aug 9, 2019 (6y ago) · Modified Jun 17, 2026 (2w ago)

Description

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is an IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

CVSS Details

Base Score: 7.5
Exploitability: 3.9
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 97.5% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-384

Affected Products 71

| Vendor | Product | Version | Range |
|---|---|---|---|
| windriver | vxworks | * | ≥6.5 – <6.9.4.12 |
| windriver | vxworks | 7.0 | any |
| sonicwall | sonicos | * | ≥5.9.0.0 – ≤5.9.0.7 |
| sonicwall | sonicos | * | ≥5.9.1.0. – ≤5.9.1.12 |
| sonicwall | sonicos | * | ≥6.2.0.0 – ≤6.2.3.1 |
| sonicwall | sonicos | * | ≥6.2.4.0 – ≤6.2.4.3 |
| sonicwall | sonicos | * | ≥6.2.5.0 – ≤6.2.5.3 |
| sonicwall | sonicos | * | ≥6.2.6.0 – ≤6.2.6.1 |
| sonicwall | sonicos | * | ≥6.2.7.0 – ≤6.2.7.4 |
| sonicwall | sonicos | * | ≥6.2.9.0 – ≤6.2.9.2 |
| sonicwall | sonicos | * | ≥6.5.0.0 – ≤6.5.0.3 |
| sonicwall | sonicos | * | ≥6.5.1.0 – ≤6.5.1.4 |
| sonicwall | sonicos | * | ≥6.5.2.0 – ≤6.5.2.3 |
| sonicwall | sonicos | * | ≥6.5.3.0 – ≤6.5.3.3 |
| sonicwall | sonicos | * | ≥6.5.4.0. – ≤6.5.4.3 |
| sonicwall | sonicos | 6.2.7.0 | any |
| sonicwall | sonicos | 6.2.7.1 | any |
| sonicwall | sonicos | 6.2.7.7 | any |
| siemens | siprotec_5_firmware | * | <7.59 |
| siemens | siprotec_5 | * | any |
| netapp | e-series_santricity_os_controller | * | ≥8.00 – ≤8.40.50.00 |
| siemens | siprotec_5_firmware | * | <7.91 |
| siemens | siprotec_5 | * | any |
| siemens | power_meter_9410_firmware | * | <2.2.1 |
| siemens | power_meter_9410 | * | any |
| siemens | power_meter_9810_firmware | * | any |
| siemens | power_meter_9810 | * | any |
| siemens | ruggedcom_win7000_firmware | * | <bs5.2.461.17 |
| siemens | ruggedcom_win7000 | * | any |
| siemens | ruggedcom_win7018_firmware | * | <bs5.2.461.17 |
| siemens | ruggedcom_win7018 | * | any |
| siemens | ruggedcom_win7025_firmware | * | <bs5.2.461.17 |
| siemens | ruggedcom_win7025 | * | any |
| siemens | ruggedcom_win7200_firmware | * | <bs5.2.461.17 |
| siemens | ruggedcom_win7200 | * | any |
| belden | hirschmann_hios | * | ≤07.0.07 |
| belden | hirschmann_ees20 | * | any |
| belden | hirschmann_ees25 | * | any |
| belden | hirschmann_eesx20 | * | any |
| belden | hirschmann_eesx30 | * | any |
| belden | hirschmann_grs1020 | * | any |
| belden | hirschmann_grs1030 | * | any |
| belden | hirschmann_grs1042 | * | any |
| belden | hirschmann_grs1120 | * | any |
| belden | hirschmann_grs1130 | * | any |
| belden | hirschmann_grs1142 | * | any |
| belden | hirschmann_msp30 | * | any |
| belden | hirschmann_msp32 | * | any |
| belden | hirschmann_rail_switch_power_lite | * | any |
| belden | hirschmann_rail_switch_power_smart | * | any |
| belden | hirschmann_red25 | * | any |
| belden | hirschmann_rsp20 | * | any |
| belden | hirschmann_rsp25 | * | any |
| belden | hirschmann_rsp30 | * | any |
| belden | hirschmann_rsp35 | * | any |
| belden | hirschmann_rspe30 | * | any |
| belden | hirschmann_rspe32 | * | any |
| belden | hirschmann_rspe35 | * | any |
| belden | hirschmann_rspe37 | * | any |
| belden | hirschmann_hios | * | ≤07.5.01 |
| belden | hirschmann_msp40 | * | any |
| belden | hirschmann_octopus_os3 | * | any |
| belden | hirschmann_hios | * | ≤07.2.04 |
| belden | hirschmann_dragon_mach4000 | * | any |
| belden | hirschmann_dragon_mach4500 | * | any |
| belden | hirschmann_hios | * | ≤05.3.06 |
| belden | hirschmann_eagle_one | * | any |
| belden | hirschmann_eagle20 | * | any |
| belden | hirschmann_eagle30 | * | any |
| belden | garrettcom_magnum_dx940e_firmware | * | ≤1.0.1_y7 |
| belden | garrettcom_magnum_dx940e | * | any |

References 9

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
    Third Party Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
    Third Party Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
    Third Party Advisory
  • psirt.global.sonicwall.com https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20190802-0001/
    Third Party Advisory
  • support.f5.com https://support.f5.com/csp/article/K41190253
    Third Party Advisory
  • support2.windriver.com https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12258
    Vendor Advisory
  • support2.windriver.com https://support2.windriver.com/index.php?page=security-notices
    Issue Tracking, Vendor Advisory
  • windriver.com https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.