CVE-2019-12265

MEDIUM EPSS 98.9%
Published Aug 9, 20196y ago · Modified Jun 17, 20262w ago
5.3 CVSS 3.1
Medium
Find Similar
Published Aug 9, 2019 6y ago
Last Modified Jun 17, 2026 2w ago

Description

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.

CVSS Details

Base Score
5.3
Exploitability
3.9
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
98.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-401

Affected Products 73

VendorProductVersionRange
windrivervxworks*≥6.5  –  <6.9.4.12
windrivervxworks7.0any
sonicwallsonicos*≥5.9.0.0  –  ≤5.9.0.7
sonicwallsonicos*≥5.9.1.0.  –  ≤5.9.1.12
sonicwallsonicos*≥6.2.0.0  –  ≤6.2.3.1
sonicwallsonicos*≥6.2.4.0  –  ≤6.2.4.3
sonicwallsonicos*≥6.2.5.0  –  ≤6.2.5.3
sonicwallsonicos*≥6.2.6.0  –  ≤6.2.6.1
sonicwallsonicos*≥6.2.7.0  –  ≤6.2.7.4
sonicwallsonicos*≥6.2.9.0  –  ≤6.2.9.2
sonicwallsonicos*≥6.5.0.0  –  ≤6.5.0.3
sonicwallsonicos*≥6.5.1.0  –  ≤6.5.1.4
sonicwallsonicos*≥6.5.2.0  –  ≤6.5.2.3
sonicwallsonicos*≥6.5.3.0  –  ≤6.5.3.3
sonicwallsonicos*≥6.5.4.0.  –  ≤6.5.4.3
sonicwallsonicos6.2.7.0any
sonicwallsonicos6.2.7.1any
sonicwallsonicos6.2.7.7any
siemenssiprotec_5_firmware* <7.91
siemenssiprotec_5*any
siemenssiprotec_5_firmware* <7.59
siemenssiprotec_5*any
siemenssiprotec_5_firmware* <7.91
siemenssiprotec_5*any
netappe-series_santricity_os_controller*≥8.00  –  ≤8.40.50.00
siemenspower_meter_9410_firmware* <2.2.1
siemenspower_meter_9410*any
siemenspower_meter_9810_firmware*any
siemenspower_meter_9810*any
siemensruggedcom_win7000_firmware* <bs5.2.461.17
siemensruggedcom_win7000*any
siemensruggedcom_win7018_firmware* <bs5.2.461.17
siemensruggedcom_win7018*any
siemensruggedcom_win7025_firmware* <bs5.2.461.17
siemensruggedcom_win7025*any
siemensruggedcom_win7200_firmware* <bs5.2.461.17
siemensruggedcom_win7200*any
beldenhirschmann_hios* ≤07.0.07
beldenhirschmann_ees20*any
beldenhirschmann_ees25*any
beldenhirschmann_eesx20*any
beldenhirschmann_eesx30*any
beldenhirschmann_grs1020*any
beldenhirschmann_grs1030*any
beldenhirschmann_grs1042*any
beldenhirschmann_grs1120*any
beldenhirschmann_grs1130*any
beldenhirschmann_grs1142*any
beldenhirschmann_msp30*any
beldenhirschmann_msp32*any
beldenhirschmann_rail_switch_power_lite*any
beldenhirschmann_rail_switch_power_smart*any
beldenhirschmann_red25*any
beldenhirschmann_rsp20*any
beldenhirschmann_rsp25*any
beldenhirschmann_rsp30*any
beldenhirschmann_rsp35*any
beldenhirschmann_rspe30*any
beldenhirschmann_rspe32*any
beldenhirschmann_rspe35*any
beldenhirschmann_rspe37*any
beldenhirschmann_hios* ≤07.5.01
beldenhirschmann_msp40*any
beldenhirschmann_octopus_os3*any
beldenhirschmann_hios* ≤07.2.04
beldenhirschmann_dragon_mach4000*any
beldenhirschmann_dragon_mach4500*any
beldenhirschmann_hios* ≤05.3.06
beldenhirschmann_eagle_one*any
beldenhirschmann_eagle20*any
beldenhirschmann_eagle30*any
beldengarrettcom_magnum_dx940e_firmware* ≤1.0.1_y7
beldengarrettcom_magnum_dx940e*any

References 9

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
    Third Party Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
    Third Party Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
    Third Party Advisory
  • psirt.global.sonicwall.com https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20190802-0001/
    Third Party Advisory
  • support.f5.com https://support.f5.com/csp/article/K41190253
    Third Party Advisory
  • support2.windriver.com https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12265
    Vendor Advisory
  • support2.windriver.com https://support2.windriver.com/index.php?page=security-notices
    Issue TrackingVendor Advisory
  • windriver.com https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.