Main Vulnerability Database Exploits ID:95 - Exploit for Input validation error in VxWorks - CVE-2019-12258

ID:95 - Exploit for Input validation error in VxWorks - CVE-2019-12258

Published: March 18, 2020

Vulnerability identifier: #VU19584

Vulnerability risk: Low

CVE-ID: CVE-2019-12258

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
VxWorks

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/scanner/vxworks/urgent11_check

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation when processing options in TCP packets. A remote attacker can a specially crafted TCP packet with the source and destination TCP-port and IP-addresses of an existing session can reset the TCP session, leading to a DoS attack.

Remediation

Install updates from vendor's website.

The vulnerability is fixed in:
VxWorks 6.9: update to version 6.9.4.12
VxWorks 7: update to versions 2.1.0.0 or 1.4.3.1.

ID:95 - Exploit for Input validation error in VxWorks - CVE-2019-12258

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human