PT-2019-4742 · Wind River · Vxworks

Published

2019-08-05

Updated

2022-06-16

CVE-2019-12264

CVSS v3.1

7.1

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions Wind River VxWorks versions 6.6 through 6.9.4 Wind River VxWorks version 7

Description The issue is related to incorrect access control in IPv4 assignment by the ipdhcpc DHCP client component. This can allow an attacker to impact the integrity and availability of protected information.

Recommendations For Wind River VxWorks versions 6.6 through 6.9.4, consider restricting access to the ipdhcpc DHCP client component until a fix is available. For Wind River VxWorks version 7, consider restricting access to the ipdhcpc DHCP client component until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-840CWE-88

Related Identifiers

BDU:2020-01294

CVE-2019-12264

Affected Products

Vxworks

PT-2019-4742 · Wind River · Vxworks

CVE-2019-12264

Weakness Enumeration

Related Identifiers

Affected Products

References · 12