VAR-201908-0706
Vulnerability from variot - Updated: 2024-11-23 19:39Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. The vulnerability stems from the process of constructing command parameters from external input data. The network system or product does not properly filter the special characters in the parameters. An attacker could exploit the vulnerability to execute an illegal command. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected: Wind River Systems VxWorks Version 7, Version 6.9, Version 6.8, Version 6.7, Version 6.6. A vulnerability in the IGMPv3 client component of Wind River VxWorks could allow unauthenticated, remote malicious user to access sensitive information on a targeted system.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0706",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "sonicos",
"version": "*"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.5.0"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.0.3"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.6.0"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.1.4"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.4.0."
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "7.0"
},
{
"model": "hirschmann hios",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "07.5.01"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "5.9.0.0"
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "8.40.50.00"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.7.0"
},
{
"model": "ruggedcom win7000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "bs5.2.461.17"
},
{
"model": "hirschmann hios",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "07.2.04"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.7.4"
},
{
"model": "hirschmann hios",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "05.3.06"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "5.9.1.0."
},
{
"model": "ruggedcom win7200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "bs5.2.461.17"
},
{
"model": "power meter 9810",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "garrettcom magnum dx940e",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "1.0.1_y7"
},
{
"model": "siprotec 5",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.59"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.7.7"
},
{
"model": "vxworks",
"scope": "lt",
"trust": 1.0,
"vendor": "windriver",
"version": "6.9.4.12"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.0.0"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.2.3"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "8.00"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "5.9.1.12"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.9.0"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.1.0"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.9.2"
},
{
"model": "power meter 9410",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2.1"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.7.0"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.3.1"
},
{
"model": "sonicos",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.7.1"
},
{
"model": "ruggedcom win7018",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "bs5.2.461.17"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.4.0"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.3.3"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.0.0"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.5.3"
},
{
"model": "vxworks",
"scope": "gte",
"trust": 1.0,
"vendor": "windriver",
"version": "6.5"
},
{
"model": "ruggedcom win7025",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "bs5.2.461.17"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.4.3"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.2.0"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.2.6.1"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "5.9.0.7"
},
{
"model": "sonicos",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.3.0"
},
{
"model": "siprotec 5",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.91"
},
{
"model": "hirschmann hios",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "07.0.07"
},
{
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "6.5.4.3"
},
{
"model": "e-series santricity os controller",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "siprotec 5",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sonicos",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "vxworks",
"scope": null,
"trust": 0.8,
"vendor": "\u30a6\u30a4\u30f3\u30c9\u30ea\u30d0\u30fc\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "siprotec 5",
"version": "*"
},
{
"model": "river systems wind river systems vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.9"
},
{
"model": "river systems wind river systems vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.8"
},
{
"model": "river systems wind river systems vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.7"
},
{
"model": "river systems wind river systems vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "e series santricity os controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sonicos",
"version": "6.2.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sonicos",
"version": "6.2.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sonicos",
"version": "6.2.7.7"
}
],
"sources": [
{
"db": "IVD",
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25707"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007852"
},
{
"db": "NVD",
"id": "CVE-2019-12265"
}
]
},
"cve": "CVE-2019-12265",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-12265",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-25707",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-143994",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-12265",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-12265",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-12265",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-12265",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-25707",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-1489",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-143994",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-12265",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25707"
},
{
"db": "VULHUB",
"id": "VHN-143994"
},
{
"db": "VULMON",
"id": "CVE-2019-12265"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007852"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1489"
},
{
"db": "NVD",
"id": "CVE-2019-12265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. The vulnerability stems from the process of constructing command parameters from external input data. The network system or product does not properly filter the special characters in the parameters. An attacker could exploit the vulnerability to execute an illegal command. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected: Wind River Systems VxWorks Version 7, Version 6.9, Version 6.8, Version 6.7, Version 6.6. A vulnerability in the IGMPv3 client component of Wind River VxWorks could allow unauthenticated, remote malicious user to access sensitive information on a targeted system. \n\nProof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12265"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007852"
},
{
"db": "CNVD",
"id": "CNVD-2019-25707"
},
{
"db": "IVD",
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a"
},
{
"db": "VULHUB",
"id": "VHN-143994"
},
{
"db": "VULMON",
"id": "CVE-2019-12265"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12265",
"trust": 4.2
},
{
"db": "SIEMENS",
"id": "SSA-352504",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-189842",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-632562",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-274-01",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-211-01",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSMA-19-274-01",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1489",
"trust": 0.9
},
{
"db": "ICS CERT",
"id": "ICSA-23-320-10",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-25707",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92598492",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92467308",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007852",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3695.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ASB-2019.0224",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3245",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2856",
"trust": 0.6
},
{
"db": "IVD",
"id": "14A30265-6509-41D2-8C7A-3A278582EA2A",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-143994",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-12265",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25707"
},
{
"db": "VULHUB",
"id": "VHN-143994"
},
{
"db": "VULMON",
"id": "CVE-2019-12265"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007852"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1489"
},
{
"db": "NVD",
"id": "CVE-2019-12265"
}
]
},
"id": "VAR-201908-0706",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25707"
},
{
"db": "VULHUB",
"id": "VHN-143994"
}
],
"trust": 1.4289024700000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25707"
}
]
},
"last_update_date": "2024-11-23T19:39:29.925000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Notices Siemens Siemens\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20190802-0001/"
},
{
"title": "Patch for Wind River Systems VxWorks Parameter Injection Vulnerability (CNVD-2019-25707)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/172953"
},
{
"title": "Wind River Systems VxWorks Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95604"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2019/07/29/wind_river_patches_vxworks/"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1f919286ef48798d96223ef4d2143337"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2dd69ca01b84b80e09672fedb1c26f51"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=99fa839be73f2df819a67c27caa912f8"
},
{
"title": "Fortinet Security Advisories: Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities (aka. URGENT/11)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-222"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25707"
},
{
"db": "VULMON",
"id": "CVE-2019-12265"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007852"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1489"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "resource management issues (CWE-399) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007852"
},
{
"db": "NVD",
"id": "CVE-2019-12265"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=cve-2019-12265"
},
{
"trust": 1.8,
"url": "https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
},
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0009"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190802-0001/"
},
{
"trust": 1.8,
"url": "https://support.f5.com/csp/article/k41190253"
},
{
"trust": 1.8,
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12265"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-01"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-274-01"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-01"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-10"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92467308/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92598492/index.html"
},
{
"trust": 0.6,
"url": "https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf"
},
{
"trust": 0.6,
"url": "https://www.tenable.com/blog/critical-vulnerabilities-dubbed-urgent11-place-devices-running-vxworks-at-risk-of-rce-attacks"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-19-222"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3695.5/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2856/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/wind-river-vxworks-multiple-vulnerabilities-via-ipnet-29905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/asb-2019.0224/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3245/"
},
{
"trust": 0.1,
"url": "https://support2.windriver.com/index.php?page=cve\u0026amp;on=view\u0026amp;id=cve-2019-12265"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=60689"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25707"
},
{
"db": "VULHUB",
"id": "VHN-143994"
},
{
"db": "VULMON",
"id": "CVE-2019-12265"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007852"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1489"
},
{
"db": "NVD",
"id": "CVE-2019-12265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25707"
},
{
"db": "VULHUB",
"id": "VHN-143994"
},
{
"db": "VULMON",
"id": "CVE-2019-12265"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007852"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1489"
},
{
"db": "NVD",
"id": "CVE-2019-12265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "IVD",
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a"
},
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25707"
},
{
"date": "2019-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-143994"
},
{
"date": "2019-08-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12265"
},
{
"date": "2019-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007852"
},
{
"date": "2019-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1489"
},
{
"date": "2019-08-09T19:15:11.327000",
"db": "NVD",
"id": "CVE-2019-12265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25707"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-143994"
},
{
"date": "2022-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12265"
},
{
"date": "2023-11-21T01:26:00",
"db": "JVNDB",
"id": "JVNDB-2019-007852"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1489"
},
{
"date": "2024-11-21T04:22:31.523000",
"db": "NVD",
"id": "CVE-2019-12265"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1489"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wind\u00a0River\u00a0VxWorks\u00a0 Vulnerabilities related to resource management in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007852"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "14a30265-6509-41d2-8c7a-3a278582ea2a"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1489"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…