CVE-2019-12261

Name of the Vulnerable Software and Affected Versions Wind River VxWorks versions 6.7 through 6.9 Wind River VxWorks version vx7

Description The issue is related to errors in the TCP Urgent Pointer state during the "connect()" operation to a remote host. Exploitation of this issue may allow a remote attacker to execute arbitrary code by sending specially crafted TCP packets. This is an IPNET security vulnerability related to TCP Urgent Pointer state confusion during connection to a remote host.

Recommendations For Wind River VxWorks versions 6.7 through 6.9, consider disabling the TCP component until a patch is available. For Wind River VxWorks version vx7, consider restricting access to the TCP component to minimize the risk of exploitation. As a temporary workaround, avoid using the connect() function to remote hosts until the issue is resolved.