CVE-2019-12255
CVE-2019-12255
Vexday Risk Score
67High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Proof of concept
Popular PoC on GitHub (19 stars) — exploitation code widely available.
CVSS —EPSS 75.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
09 Aug 2019Published on NVD
12 Aug 2019Public PoC
Weaponization speed
2 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Patch as soon as possible — active exploitation confirmed.
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/sud0woodo/Urgent11-Suricata-LUA-scripts★ 19cve_referencepacketstormsecurity.com/files/154022/VxWorks-6.8-Integer-Underflow.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47233unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/154022/VxWorks-6.8-Integer-Underflow.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdfhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009https://security.netapp.com/advisory/ntap-20190802-0001/https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12255https://support2.windriver.com/index.php?page=security-noticeshttps://support.f5.com/csp/article/K41190253https://support.f5.com/csp/article/K41190253?utm_source=f5support&%3Butm_medium=RSShttps://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/