#VU19578 Stack-based buffer overflow in VxWorks - CVE-2019-12256
Published: July 31, 2019
Vulnerability identifier: #VU19578
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-12256
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
VxWorks
VxWorks
Software vendor:
Wind River Systems, Inc.
Wind River Systems, Inc.
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing IPv4 options. A remote unauthenticated attacker can send specially crafted network traffic to the affected system, trigger stack-based buffer overflow and execute arbitrary code on the target system or crash the tNet0 task.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.
The vulnerability was fixed in
VxWorks 6.9: version 6.9.4.12
VxWorks 7: versions 2.1.0.0 and 1.4.3.1