Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities (aka. URGENT/11)
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-222
Final
1
1
2019-08-26T00:00:00
Current version
11 zero-day vulnerabilities (aka URGENT/11) were disclosed in the VxWorks® TCP/IP stack (IPnet):
CVE-2019-12255 - TCP Urgent Pointer = 0 leads to integer underflow.
CVE-2019-12256 - Stack overflow in the parsing of IPv4 packets’ IP options.
CVE-2019-12257 - Heap overflow in DHCP Offer/Ack parsing inside ipdhcpc.
CVE-2019-12258 - DoS of TCP connection via malformed TCP options.
CVE-2019-12259 - DoS via NULL dereference in IGMP parsing.
CVE-2019-12260 - TCP Urgent Pointer state confusion caused by malformed TCP AO option.
CVE-2019-12261 - TCP Urgent Pointer state confusion during connect() to a remote host.
CVE-2019-12262 - Handling of unsolicited Reverse ARP replies (logic flaw).
CVE-2019-12263 - TCP Urgent Pointer state confusion due to a race condition.
CVE-2019-12264 - Logic flaw in IPv4 assignment by ipdhcpc DHCP client.
CVE-2019-12265 - IGMP information leak via IGMPv3 specific membership report.
Buffer Overflow, DoS, etc
The following Fortinet products are NOT affected:
FortiOS
FortiAP
FortiSwitch
FortiAnalyzer
FortiMail
FortiManager
FortiWeb
None of the products above use or are based on the VxWorks operating system.
https://fortiguard.fortinet.com/psirt/FG-IR-19-222
https://armis.com/urgent11/
CVE-2019-12255
CVE-2019-12256
CVE-2019-12257
CVE-2019-12258
CVE-2019-12259
CVE-2019-12260
CVE-2019-12261
CVE-2019-12262
CVE-2019-12263
CVE-2019-12264
CVE-2019-12265