CVE-2019-12264 — Argument Injection in Vxworks

Severity

7.1HIGHNVD

EPSS

0.1%

top 77.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 5

Latest updateMay 24

Description

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 2.8 | Impact: 4.2

▶NVDwindriver/vxworks6 versions+5

GHSA

GHSA-7975-fjpp-fmh7: Wind River VxWorks 6↗2022-05-24

▶

CVEList

CVE-2019-12264: Wind River VxWorks 6↗2019-08-05

▶

Bugzilla

CVE-2018-12264 exiv2: integer overflow in getData function in preview.cpp↗2018-06-13

▶