CVE-2019-12257
HIGHCVSS 8.8/10EPSS 84.18%
Last modified
CVE-2019-12257 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.. EPSS estimates a 84.18% chance of exploitation in the next 30 days.
Description
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Windriver | Vxworks | >= 6.5, < 6.9.4 |
| Sonicwall | Sonicos | >= 5.9.0.0, <= 5.9.0.7 |
| Sonicwall | Sonicos | >= 5.9.1.0., <= 5.9.1.12 |
| Sonicwall | Sonicos | >= 6.2.0.0, <= 6.2.3.1 |
| Sonicwall | Sonicos | >= 6.2.4.0, <= 6.2.4.3 |
| Sonicwall | Sonicos | >= 6.2.5.0, <= 6.2.5.3 |
| Sonicwall | Sonicos | >= 6.2.6.0, <= 6.2.6.1 |
| Sonicwall | Sonicos | >= 6.2.7.0, <= 6.2.7.4 |
| Sonicwall | Sonicos | >= 6.2.9.0, <= 6.2.9.2 |
| Sonicwall | Sonicos | >= 6.5.0.0, <= 6.5.0.3 |
| Sonicwall | Sonicos | >= 6.5.1.0, <= 6.5.1.4 |
| Sonicwall | Sonicos | >= 6.5.2.0, <= 6.5.2.3 |
| Sonicwall | Sonicos | >= 6.5.3.0, <= 6.5.3.3 |
| Sonicwall | Sonicos | >= 6.5.4.0., <= 6.5.4.3 |
| Sonicwall | Sonicos | 6.2.7.0 |
| Sonicwall | Sonicos | 6.2.7.1 |
| Sonicwall | Sonicos | 6.2.7.7 |
| Siemens | Siprotec 5 Firmware | < 7.59 |
| Netapp | E-Series Santricity Os Controller | >= 8.00, <= 8.40.50.00 |
| Siemens | Siprotec 5 Firmware | < 7.91 |
| Siemens | Ruggedcom Win7000 Firmware | < bs5.2.461.17 |
| Siemens | Ruggedcom Win7018 Firmware | < bs5.2.461.17 |
| Siemens | Ruggedcom Win7025 Firmware | < bs5.2.461.17 |
| Siemens | Ruggedcom Win7200 Firmware | < bs5.2.461.17 |
| Belden | Hirschmann Hios | <= 07.0.07 |
| Belden | Hirschmann Hios | <= 07.5.01 |
| Belden | Hirschmann Hios | <= 07.2.04 |
| Belden | Hirschmann Hios | <= 05.3.06 |
| Belden | Garrettcom Magnum Dx940e Firmware | <= 1.0.1_y7 |
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdfThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdfThird Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009Third Party Advisory
- https://security.netapp.com/advisory/ntap-20190802-0001/Third Party Advisory
- https://support.f5.com/csp/article/K41190253Third Party Advisory
- https://support2.windriver.com/index.php?page=security-noticesIssue Tracking, Vendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdfThird Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdfThird Party Advisory
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009Third Party Advisory
- https://security.netapp.com/advisory/ntap-20190802-0001/Third Party Advisory
- https://support.f5.com/csp/article/K41190253Third Party Advisory
- https://support2.windriver.com/index.php?page=security-noticesIssue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-12257?
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.
How severe is CVE-2019-12257?
CVE-2019-12257 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 84.18% probability of exploitation in the next 30 days.
How do I fix CVE-2019-12257?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2019-12257?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST