Allele Security Alert
ASA-2019-00498, CVE-2019-12258, V7NET-2426
Denial of Service (DoS) of TCP connection via malformed TCP options
Wind River VxWorks
Wind River VxWorks 6 version 6.6
Wind River VxWorks 6 version 6.7
Wind River VxWorks 6 version 6.8
Wind River VxWorks 6 versions 6.9.x before 22.214.171.124
Wind River VxWorks 7 versions 2.x.x.x before 126.96.36.199
Wind River VxWorks 7 versions 1.x.x.x before 188.8.131.52
Wind River VxWorks 6 version 184.108.40.206
Wind River VxWorks 7 version 220.127.116.11
Wind River VxWorks 7 version 18.104.22.168
Proof of concept
A specially crafted packet containing illegal TCP-options can result in the victim not just dropping the TCP-segment but also drop the TCP-session.
This vulnerability affects established TCP sessions. An attacker who can figure out the source and destination TCP port and IP addresses of a session can inject invalid TCP segments into the flow, causing the TCP session to be reset. An application will see this as an ECONNRESET error message when using the socket after such an attack. The most likely outcome is a crash of the application reading from the affected socket.
Ben Seri (Armis)
SECURITY ADVISORY: WIND RIVER TCP/IP STACK (IPNET) VULNERABILITIES
SECURITY VULNERABILITY RESPONSE INFORMATION – TCP/IP Network Stack (IPnet, Urgent/11)
URGENT/11 Information from the Research Team – Armis Labs
Critical vulnerabilities to remotely compromise VxWorks, the most popular RTOS
Critical Zero Days Remotely Compromise the Most Popular Real-Time OS
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: August 12, 2019