PT-2019-4731 · Wind River · VxWorks

Published: 2019-08-09 · Updated: 2022-08-12 · CVE-2019-12260

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Wind River VxWorks versions 6.9 through vx7

Description

The issue is a buffer overflow in the TCP component: a TCP Urgent Pointer state confusion caused by a malformed TCP AO option. It can be exploited by sending specially crafted TCP packets, potentially allowing a remote attacker to execute arbitrary code.

Recommendations

For Wind River VxWorks versions 6.9 through vx7, consider disabling the TCP AO option as a temporary workaround until a patch is available. Restrict access to the TCP component to minimize the risk of exploitation. Avoid using the TCP Urgent Pointer feature in the affected TCP component until the issue is resolved.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-01282
CVE-2019-12260

Affected Products

VxWorks