Allele Security Alert
ASA-2019-00504
Identifier(s)
ASA-2019-00504, CVE-2019-12264, V7NET-2428
Title
Logical flaw in IPv4 assignment by the ipdhcpc DHCP client
Vendor(s)
Wind River
Product(s)
Wind River VxWorks
Affected version(s)
Wind River VxWorks 6 version 6.6
Wind River VxWorks 6 version 6.7
Wind River VxWorks 6 version 6.8
Wind River VxWorks 6 versions 6.9.x.x before 6.9.4.12
Wind River VxWorks 7 versions 2.x.x.x before 2.1.0.0
Wind River VxWorks 7 versions 1.x.x.x before 1.4.3.1
Fixed version(s)
Wind River VxWorks 6 version 6.9.4.12
Wind River VxWorks 7 version 2.1.0.0
Wind River VxWorks 7 version 1.4.3.1
Proof of concept
Unknown
Description
The VxWorks DHCP client fails to properly validate that the IP address offered in a DHCP renewal or offer response is a valid unicast address. An attacker may assign multicast or broadcast addresses to the victim.
An attacker residing on the LAN may choose to hijack a DHCP client session that requests an IPv4 address. The attacker can send a multicast IP address in the DHCP offer/ack message, which the victim system then incorrectly assigns. This vulnerability is not very useful in isolation, but can be combined with ASA-2019-00499 to create a denial-of-service attack.
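The kind of check the description says is missing, as an added example: this is not Wind River's code or patch, and the function names, the /24 netmask and the sample addresses are hypothetical or constructed for illustration. It goes slightly beyond the advisory by also rejecting loopback, reserved, network and directed-broadcast addresses.

```c
#include <stdint.h>
#include <stdio.h>

/* Fixed BOOTP/DHCP header layout (RFC 2131). */
#define BOOTP_OP_OFF     0    /* op: 1 = BOOTREQUEST, 2 = BOOTREPLY */
#define BOOTP_YIADDR_OFF 16   /* yiaddr: address offered to the client */
#define BOOTP_MIN_LEN    236  /* fixed header size, before options */
#define BOOTREPLY        2

/* 1 if addr is a usable unicast host address under netmask (host order; 0 = unknown). */
int ipv4_is_assignable_unicast(uint32_t addr, uint32_t netmask)
{
    uint32_t hostbits = ~netmask;
    if ((addr >> 28) >= 0xE ||                     /* multicast, reserved, limited broadcast */
        (addr >> 24) == 0 || (addr >> 24) == 127)  /* "this network", loopback */
        return 0;
    if (netmask != 0 && hostbits > 1 &&            /* /31 and /32 have no network/broadcast */
        ((addr & hostbits) == 0 || (addr & hostbits) == hostbits))
        return 0;                                  /* network / directed broadcast address */
    return 1;
}

/* Check yiaddr of a raw BOOTP reply before binding it: 1 = accept, 0 = drop. */
int dhcp_reply_yiaddr_ok(const uint8_t *msg, size_t len, uint32_t netmask)
{
    if (msg == NULL || len < BOOTP_MIN_LEN || msg[BOOTP_OP_OFF] != BOOTREPLY)
        return 0;
    const uint8_t *p = msg + BOOTP_YIADDR_OFF;     /* network byte order on the wire */
    uint32_t yiaddr = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                      ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return ipv4_is_assignable_unicast(yiaddr, netmask);
}

/* Constructed sample input (hypothetical helper): minimal BOOTREPLY with the given yiaddr. */
const uint8_t *sample_reply(uint32_t yiaddr)
{
    static uint8_t buf[BOOTP_MIN_LEN];             /* static storage is zero-initialised */
    buf[BOOTP_OP_OFF] = BOOTREPLY;
    for (int i = 0; i < 4; i++)
        buf[BOOTP_YIADDR_OFF + i] = (uint8_t)(yiaddr >> (24 - 8 * i));
    return buf;
}

int main(void)
{
    int uni = dhcp_reply_yiaddr_ok(sample_reply(0xC0A8010Au), BOOTP_MIN_LEN, 0xFFFFFF00u);
    int mc  = dhcp_reply_yiaddr_ok(sample_reply(0xE0000001u), BOOTP_MIN_LEN, 0xFFFFFF00u);
    printf("192.168.1.10/24 accepted=%d, 224.0.0.1 accepted=%d\n", uni, mc);
    return 0;
}
```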
Technical details
Unknown
Credits
Ben Seri (Armis Labs)
Reference(s)
SECURITY ADVISORY: WIND RIVER TCP/IP STACK (IPNET) VULNERABILITIES
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf
SECURITY VULNERABILITY RESPONSE INFORMATION – TCP/IP Network Stack (IPnet, Urgent/11)
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12264
URGENT/11 Information from the Research Team – Armis Labs
https://armis.com/urgent11/
Critical vulnerabilities to remotely compromise VxWorks, the most popular RTOS
https://go.armis.com/hubfs/White-papers/Urgent11%20Technical%20White%20Paper.pdf
Critical Zero Days Remotely Compromise the Most Popular Real-Time OS
https://i.blackhat.com/USA-19/Thursday/us-19-Seri-Critical-Zero-Days-Remotely-Compromise-The-Most-Popular-Real-Time-OS.pdf
ASA-2019-00499 – Wind River VxWorks: Denial of Service (DoS) via NULL dereference in IGMP parsing
https://allelesecurity.com/asa-2019-00499/
CVE-2019-12264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12264
CVE-2019-12264
https://nvd.nist.gov/vuln/detail/CVE-2019-12264
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: August 15, 2019