CVE-2019-12263

Name of the Vulnerable Software and Affected Versions Wind River VxWorks versions 6.9.4 through vx7

Description The issue is related to a TCP protocol vulnerability in Wind River VxWorks real-time operating systems, specifically concerning errors in the TCP Urgent Pointer state when a shared resource is used, leading to a race condition. This can be exploited by a remote attacker to execute arbitrary code by sending specially crafted TCP packets. The vulnerability involves a buffer overflow in the TCP component and an IPNET security issue due to TCP Urgent Pointer state confusion.

Recommendations For Wind River VxWorks versions 6.9.4 through vx7, update to a version that includes a fix for the TCP Urgent Pointer state confusion issue to prevent exploitation. As a temporary workaround, consider restricting access to the TCP component to minimize the risk of exploitation.