var-201908-0712
Vulnerability from variot
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Wind River VxWorks Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. An attacker could exploit the vulnerability to execute code. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Wind River Systems VxWorks Version 6.9, Version 6.8, Version 6.7, Version 6.6. A vulnerability in Wind River VxWorks could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition or execute arbitrary code on a targeted system. A successful exploit could allow the malicious user to execute arbitrary code or cause a DoS condition on the targeted system
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0712", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": "eq", "trust": 2.6, "vendor": "sonicos", "version": "*" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.5.0" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.5.0.3" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.6.0" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.5.1.4" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.5.4.0." }, { "model": "hirschmann hios", "scope": "lte", "trust": 1.0, "vendor": "belden", "version": "07.5.01" }, { "model": "e-series santricity os controller", "scope": "lte", "trust": 1.0, "vendor": "netapp", "version": "8.40.50.00" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "5.9.0.0" }, { "model": "vxworks", "scope": "lt", "trust": 1.0, "vendor": "windriver", "version": "6.9.4" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.7.0" }, { "model": "ruggedcom win7000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "bs5.2.461.17" }, { "model": "hirschmann hios", "scope": "lte", "trust": 1.0, "vendor": "belden", "version": "07.2.04" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.7.4" }, { "model": "hirschmann hios", "scope": "lte", "trust": 1.0, "vendor": "belden", "version": "05.3.06" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "5.9.1.0." }, { "model": "ruggedcom win7200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "bs5.2.461.17" }, { "model": "power meter 9810", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "garrettcom magnum dx940e", "scope": "lte", "trust": 1.0, "vendor": "belden", "version": "1.0.1_y7" }, { "model": "sonicos", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.7.7" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.0.0" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.5.2.3" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.9.0" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "5.9.1.12" }, { "model": "e-series santricity os controller", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "8.00" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.5.1.0" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.9.2" }, { "model": "power meter 9410", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.1" }, { "model": "sonicos", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.7.0" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.3.1" }, { "model": "sonicos", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.7.1" }, { "model": "ruggedcom win7018", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "bs5.2.461.17" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.4.0" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.5.3.3" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.5.0.0" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.5.3" }, { "model": "vxworks", "scope": "gte", "trust": 1.0, "vendor": "windriver", "version": "6.5" }, { "model": "ruggedcom win7025", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "bs5.2.461.17" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.4.3" }, { "model": "siprotec 5", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.5.2.0" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.2.6.1" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "5.9.0.7" }, { "model": "sonicos", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "6.5.3.0" }, { "model": "siprotec 5", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.91" }, { "model": "hirschmann hios", "scope": "lte", "trust": 1.0, "vendor": "belden", "version": "07.0.07" }, { "model": "sonicos", "scope": "lte", "trust": 1.0, "vendor": "sonicwall", "version": "6.5.4.3" }, { "model": "e-series santricity os controller", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "siprotec 5", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "sonicos", "scope": null, "trust": 0.8, "vendor": "sonicwall", "version": null }, { "model": "vxworks", "scope": null, "trust": 0.8, "vendor": "\u30a6\u30a4\u30f3\u30c9\u30ea\u30d0\u30fc\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "siprotec 5", "version": "*" }, { "model": "river systems wind river systems vxworks", "scope": "eq", "trust": 0.6, "vendor": "wind", "version": "6.9" }, { "model": "river systems wind river systems vxworks", "scope": "eq", "trust": 0.6, "vendor": "wind", "version": "6.8" }, { "model": "river systems wind river systems vxworks", "scope": "eq", "trust": 0.6, "vendor": "wind", "version": "6.7" }, { "model": "river systems wind river systems vxworks", "scope": "eq", "trust": 0.6, "vendor": "wind", "version": "6.6" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "vxworks", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "e series santricity os controller", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sonicos", "version": "6.2.7.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sonicos", "version": "6.2.7.7" } ], "sources": [ { "db": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466" }, { "db": "CNVD", "id": "CNVD-2019-25700" }, { "db": "JVNDB", "id": "JVNDB-2019-007841" }, { "db": "NVD", "id": "CVE-2019-12255" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zhou Yu", "sources": [ { "db": "CNNVD", "id": "CNNVD-201907-1497" } ], "trust": 0.6 }, "cve": "CVE-2019-12255", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-12255", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2019-25700", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-143983", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-12255", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-12255", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-12255", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-12255", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-25700", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201907-1497", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-143983", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-12255", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466" }, { "db": "CNVD", "id": "CNVD-2019-25700" }, { "db": "VULHUB", "id": "VHN-143983" }, { "db": "VULMON", "id": "CVE-2019-12255" }, { "db": "JVNDB", "id": "JVNDB-2019-007841" }, { "db": "CNNVD", "id": "CNNVD-201907-1497" }, { "db": "NVD", "id": "CVE-2019-12255" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Wind River VxWorks Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. An attacker could exploit the vulnerability to execute code. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Wind River Systems VxWorks Version 6.9, Version 6.8, Version 6.7, Version 6.6. A vulnerability in Wind River VxWorks could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition or execute arbitrary code on a targeted system. A successful exploit could allow the malicious user to execute arbitrary code or cause a DoS condition on the targeted system", "sources": [ { "db": "NVD", "id": "CVE-2019-12255" }, { "db": "JVNDB", "id": "JVNDB-2019-007841" }, { "db": "CNVD", "id": "CNVD-2019-25700" }, { "db": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466" }, { "db": "VULHUB", "id": "VHN-143983" }, { "db": "VULMON", "id": "CVE-2019-12255" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47233", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-12255" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-12255", "trust": 4.2 }, { "db": "PACKETSTORM", "id": "154022", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-352504", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-189842", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-632562", "trust": 1.8 }, { "db": "ICS CERT", "id": "ICSA-19-274-01", "trust": 1.4 }, { "db": "ICS CERT", "id": "ICSA-19-211-01", "trust": 1.4 }, { "db": "ICS CERT", "id": "ICSMA-19-274-01", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201907-1497", "trust": 0.9 }, { "db": "ICS CERT", "id": "ICSA-23-320-10", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-25700", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU92598492", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU92467308", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-007841", "trust": 0.8 }, { "db": "EXPLOIT-DB", "id": "47233", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3695.5", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2856", "trust": 0.6 }, { "db": "IVD", "id": "61D7170C-1DA5-4162-B6EC-A6C8DA8A0466", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-143983", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-12255", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466" }, { "db": "CNVD", "id": "CNVD-2019-25700" }, { "db": "VULHUB", "id": "VHN-143983" }, { "db": "VULMON", "id": "CVE-2019-12255" }, { "db": "JVNDB", "id": "JVNDB-2019-007841" }, { "db": "CNNVD", "id": "CNNVD-201907-1497" }, { "db": "NVD", "id": "CVE-2019-12255" } ] }, "id": "VAR-201908-0712", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466" }, { "db": "CNVD", "id": "CNVD-2019-25700" }, { "db": "VULHUB", "id": "VHN-143983" } ], "trust": 1.4289024700000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466" }, { "db": "CNVD", "id": "CNVD-2019-25700" } ] }, "last_update_date": "2024-11-23T21:07:51.419000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security\u00a0Notices Siemens Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://security.netapp.com/advisory/ntap-20190802-0001/" }, { "title": "Wind River Systems VxWorks Patch for Digital Error Vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/172897" }, { "title": "Wind River Systems VxWorks Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95612" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2019/07/29/wind_river_patches_vxworks/" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1f919286ef48798d96223ef4d2143337" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2dd69ca01b84b80e09672fedb1c26f51" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=99fa839be73f2df819a67c27caa912f8" }, { "title": "Fortinet Security Advisories: Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities (aka. URGENT/11)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-222" }, { "title": "Urgent11-Suricata-LUA-scripts", "trust": 0.1, "url": "https://github.com/sud0woodo/Urgent11-Suricata-LUA-scripts " }, { "title": "urgent11-poc", "trust": 0.1, "url": "https://github.com/iweizime/urgent11-poc " }, { "title": "PoC-in-GitHub", "trust": 0.1, "url": "https://github.com/developer3000S/PoC-in-GitHub " }, { "title": "PoC-in-GitHub", "trust": 0.1, "url": "https://github.com/hectorgie/PoC-in-GitHub " }, { "title": "CVE-POC", "trust": 0.1, "url": "https://github.com/0xT11/CVE-POC " }, { "title": "PoC-in-GitHub", "trust": 0.1, "url": "https://github.com/nomi-sec/PoC-in-GitHub " }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/over-100-000-medical-infusion-pumps-vulnerable-to-years-old-critical-bug/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25700" }, { "db": "VULMON", "id": "CVE-2019-12255" }, { "db": "JVNDB", "id": "JVNDB-2019-007841" }, { "db": "CNNVD", "id": "CNNVD-201907-1497" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.0 }, { "problemtype": "Buffer error (CWE-119) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-119", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-143983" }, { "db": "JVNDB", "id": "JVNDB-2019-007841" }, { "db": "NVD", "id": "CVE-2019-12255" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://packetstormsecurity.com/files/154022/vxworks-6.8-integer-underflow.html" }, { "trust": 2.3, "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=cve-2019-12255" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12255" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf" }, { "trust": 1.8, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0009" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190802-0001/" }, { "trust": 1.8, "url": "https://support.f5.com/csp/article/k41190253" }, { "trust": 1.8, "url": "https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/" }, { "trust": 1.8, "url": "https://support2.windriver.com/index.php?page=security-notices" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-01" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsma-19-274-01" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-01" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k41190253?utm_source=f5support\u0026amp%3butm_medium=rss" }, { "trust": 0.9, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-10" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92467308/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92598492/" }, { "trust": 0.7, "url": "https://www.exploit-db.com/exploits/47233" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k41190253?utm_source=f5support\u0026utm_medium=rss" }, { "trust": 0.6, "url": "https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf" }, { "trust": 0.6, "url": "https://www.tenable.com/blog/critical-vulnerabilities-dubbed-urgent11-place-devices-running-vxworks-at-risk-of-rce-attacks" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3695.5/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2856/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/wind-river-vxworks-multiple-vulnerabilities-via-ipnet-29905" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k41190253?utm_source=f5support\u0026amp;amp;utm_medium=rss" }, { "trust": 0.1, "url": "https://support2.windriver.com/index.php?page=cve\u0026amp;on=view\u0026amp;id=cve-2019-12255" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/120.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=60681" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/sud0woodo/urgent11-suricata-lua-scripts" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-25700" }, { "db": "VULHUB", "id": "VHN-143983" }, { "db": "VULMON", "id": "CVE-2019-12255" }, { "db": "JVNDB", "id": "JVNDB-2019-007841" }, { "db": "CNNVD", "id": "CNNVD-201907-1497" }, { "db": "NVD", "id": "CVE-2019-12255" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466" }, { "db": "CNVD", "id": "CNVD-2019-25700" }, { "db": "VULHUB", "id": "VHN-143983" }, { "db": "VULMON", "id": "CVE-2019-12255" }, { "db": "JVNDB", "id": "JVNDB-2019-007841" }, { "db": "CNNVD", "id": "CNNVD-201907-1497" }, { "db": "NVD", "id": "CVE-2019-12255" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-02T00:00:00", "db": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466" }, { "date": "2019-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2019-25700" }, { "date": "2019-08-09T00:00:00", "db": "VULHUB", "id": "VHN-143983" }, { "date": "2019-08-09T00:00:00", "db": "VULMON", "id": "CVE-2019-12255" }, { "date": "2019-08-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007841" }, { "date": "2019-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-1497" }, { "date": "2019-08-09T20:15:11.347000", "db": "NVD", "id": "CVE-2019-12255" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-02T00:00:00", "db": "CNVD", "id": "CNVD-2019-25700" }, { "date": "2019-10-02T00:00:00", "db": "VULHUB", "id": "VHN-143983" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2019-12255" }, { "date": "2023-11-21T01:10:00", "db": "JVNDB", "id": "JVNDB-2019-007841" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201907-1497" }, { "date": "2024-11-21T04:22:29.610000", "db": "NVD", "id": "CVE-2019-12255" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201907-1497" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Wind River Systems VxWorks Digital Error Vulnerability", "sources": [ { "db": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466" }, { "db": "CNVD", "id": "CNVD-2019-25700" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "61d7170c-1da5-4162-b6ec-a6c8da8a0466" }, { "db": "CNNVD", "id": "CNNVD-201907-1497" } ], "trust": 0.8 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.