#VU19585 Expected behavior violation in VxWorks - CVE-2019-12264

 


Published: July 31, 2019


Vulnerability identifier: #VU19585
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-12264
CWE-ID: CWE-440
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
VxWorks
Software vendor:
Wind River Systems, Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a logic flaw in the ipdhcpc DHCP client when processing broadcast IP addresses. A remote attacker with control over a DHCP server within the local network segment can assign multicast or broadcast addresses to the victim.
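
The check a DHCP client can apply to an offered address before configuring its interface, shown as an added example (not Wind River's code or patch). The function and enum names are hypothetical, and the sketch assumes `yiaddr` and the subnet mask (DHCP option 1) have already been parsed from the same reply into host byte order.

```c
#include <stdint.h>
#include <stdio.h>

/* Verdicts for an offered address (hypothetical names, not from VxWorks). */
enum lease_verdict {
    LEASE_OK = 0,
    LEASE_UNSPECIFIED,    /* 0.0.0.0/8 */
    LEASE_LOOPBACK,       /* 127.0.0.0/8 */
    LEASE_MULTICAST,      /* 224.0.0.0/4 */
    LEASE_RESERVED,       /* 240.0.0.0/4, includes 255.255.255.255 */
    LEASE_BAD_MASK,       /* subnet mask is not contiguous */
    LEASE_SUBNET_NETWORK, /* host bits all zero */
    LEASE_SUBNET_BCAST    /* host bits all one (directed broadcast) */
};

/* Build a host-byte-order IPv4 address from its four octets. */
static uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/* Check yiaddr from a DHCP reply against the mask from the same reply. */
static enum lease_verdict check_offered_addr(uint32_t yiaddr, uint32_t mask)
{
    uint32_t top = yiaddr >> 24;
    uint32_t host = ~mask;                 /* host-part bit mask */
    if (top == 0)   return LEASE_UNSPECIFIED;
    if (top == 127) return LEASE_LOOPBACK;
    if ((yiaddr & 0xF0000000u) == 0xE0000000u) return LEASE_MULTICAST;
    if ((yiaddr & 0xF0000000u) == 0xF0000000u) return LEASE_RESERVED;
    /* A contiguous mask inverts to 2^n - 1, so host & (host + 1) == 0. */
    if ((host & (host + 1u)) != 0) return LEASE_BAD_MASK;
    /* /31 and /32 have no network or broadcast address to exclude. */
    if (host > 1u) {
        if ((yiaddr & host) == 0)    return LEASE_SUBNET_NETWORK;
        if ((yiaddr & host) == host) return LEASE_SUBNET_BCAST;
    }
    return LEASE_OK;
}

int main(void)
{
    /* Constructed sample offers: a normal lease, then the two bad cases. */
    uint32_t m24 = ip4(255, 255, 255, 0);
    printf("%d\n", check_offered_addr(ip4(192, 168, 1, 50), m24));
    printf("%d\n", check_offered_addr(ip4(224, 0, 0, 1), m24));
    printf("%d\n", check_offered_addr(ip4(192, 168, 1, 255), m24));
    return 0;
}
```

A client that gets any verdict other than `LEASE_OK` should discard the reply and log the offering server's identifier, which also gives network monitoring a signal for a misbehaving DHCP server on the segment.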


Remediation

Install updates from vendor's website.

The vulnerability is fixed in:
VxWorks 6.9: update to version 6.9.4.12
VxWorks 7: update to versions 2.1.0.0 or 1.4.3.1.
