BSA-2019-840

Brocade Fabric OS

2 more products

21606

30 July 2019

30 July 2019

Closed

Low

N/A

N/A

CVE-2019-12255, CVE-2019-12256, CVE-2019-12257, CVE-2019-12258, CVE-2019-12259, CVE-2019-12260, CVE-2019-12261, CVE-2019-12262, CVE-2019-12263, CVE-2019-12264, CVE-2019-12265

Summary

Security Advisory ID : BSA-2019-840

Component : VxWorks

Revision : 1.0: Initial

The Armis research team, Armis Labs, has discovered 11 zero-day vulnerabilities in VxWorks®. VxWorks is used by over 2 billion devices, including critical industrial, medical and enterprise devices. Dubbed “URGENT/11,” the vulnerabilities reside in VxWorks’ TCP/IP stack (IPnet). Armis has worked closely with Wind River®, the maintainer of VxWorks, and the latest VxWorks 7 release, published on July 19, contains fixes for all the discovered vulnerabilities.
 
Six critical vulnerabilities allowing remote code execution:

  • Stack overflow in the parsing of IPv4 options (CVE-2019-12256)
  • Four memory corruption vulnerabilities stemming from erroneous handling of TCP’s Urgent Pointer field (CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263)
  • Heap overflow in DHCP Offer/ACK parsing in ipdhcpc (CVE-2019-12257)

Five vulnerabilities leading to denial of service, information leak or logical flaws:
  • TCP connection DoS via malformed TCP options (CVE-2019-12258)
  • Handling of unsolicited Reverse ARP replies (logical flaw) (CVE-2019-12262)
  • Logical flaw in IPv4 address assignment by the ipdhcpc DHCP client (CVE-2019-12264)
  • DoS via NULL dereference in IGMP parsing (CVE-2019-12259)
  • IGMP information leak via IGMPv3-specific membership report (CVE-2019-12265)


More at: https://armis.com/urgent11/
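Two of the critical findings above are triggered by packet features that are rare in ordinary traffic: IPv4 options (CVE-2019-12256) and a TCP segment that uses the Urgent Pointer (CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263). The following added example, which is not part of this advisory and is not Armis, Wind River or Brocade code, is a small IPv4/TCP header inspector that surfaces segments with either feature so a network operator can review what is reaching VxWorks-based devices. It assumes raw IPv4 frames (no link-layer header), parses headers only, does not verify checksums, and uses packets constructed inline for the example; the addresses and ports are placeholders from the documentation range.

```python
"""
Added illustrative example: flag IPv4/TCP segments that carry IPv4 options or
use the TCP Urgent Pointer, the two packet-level features named in the
advisory's critical URGENT/11 findings. Neither feature is malicious on its
own; both are uncommon enough to be useful review triggers on segments that
reach embedded devices. Packets below are constructed for this example.
"""
import struct

TCP_URG = 0x20  # URG control bit in the TCP flags field


def parse_ipv4_tcp(frame: bytes) -> dict:
    """Parse an IPv4 header and, when the payload is TCP, the TCP header.
    Returns only the fields the review checks need; raises ValueError on
    truncated or malformed headers instead of guessing."""
    if len(frame) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _total, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", frame[:20]
    )
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes; options follow byte 20
    if version != 4 or ihl < 20 or len(frame) < ihl:
        raise ValueError("bad IPv4 header")
    info = {
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "proto": proto,
        "ip_options": frame[20:ihl],  # empty when IHL == 5
        "tcp": None,
    }
    if proto != 6:  # not TCP
        return info
    tcp = frame[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags, _win, _csum, urg_ptr = struct.unpack(
        "!HHIIHHHH", tcp[:20]
    )
    data_off = (off_flags >> 12) * 4
    flags = off_flags & 0x1FF
    info["tcp"] = {
        "sport": sport,
        "dport": dport,
        "flags": flags,
        "urg_flag": bool(flags & TCP_URG),
        "urgent_pointer": urg_ptr,
        "tcp_options": tcp[20:data_off],
    }
    return info


def review_findings(frame: bytes) -> list:
    """Return human-readable findings for a frame. A nonzero urgent pointer
    without URG is also reported: the pointer is only meaningful when URG is
    set, so that combination is malformed and worth a look."""
    info = parse_ipv4_tcp(frame)
    findings = []
    if info["ip_options"]:
        findings.append(
            f"IPv4 options present ({len(info['ip_options'])} bytes) from {info['src']}"
        )
    tcp = info["tcp"]
    if tcp and (tcp["urg_flag"] or tcp["urgent_pointer"]):
        findings.append(
            f"TCP urgent pointer in use (URG={tcp['urg_flag']}, ptr={tcp['urgent_pointer']}) "
            f"{info['src']}:{tcp['sport']} -> {info['dst']}:{tcp['dport']}"
        )
    return findings


def build_packet(ip_options: bytes = b"", urg: bool = False, urg_ptr: int = 0) -> bytes:
    """Construct a test IPv4/TCP SYN frame (constructed data; checksums left
    zero because the inspector does not verify them)."""
    ip_opts = ip_options + b"\x00" * (-len(ip_options) % 4)  # pad to 32-bit boundary
    ihl = 5 + len(ip_opts) // 4
    flags = 0x02 | (TCP_URG if urg else 0)  # SYN, plus URG when requested
    tcp = struct.pack("!HHIIHHHH", 40000, 23, 1, 0, (5 << 12) | flags, 8192, 0, urg_ptr)
    total = ihl * 4 + len(tcp)
    ip = struct.pack(
        "!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 1, 0, 64, 6, 0,
        bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]),
    ) + ip_opts
    return ip + tcp


if __name__ == "__main__":
    samples = [
        ("plain SYN", build_packet()),
        ("SYN with URG", build_packet(urg=True, urg_ptr=1)),
        ("SYN with IPv4 NOP options", build_packet(ip_options=b"\x01\x01\x01\x01")),
    ]
    for label, pkt in samples:
        print(label, "->", review_findings(pkt) or "no findings")
```

The checks deliberately stop at "present" rather than trying to recognise a malformed option or pointer, since the advisory does not describe the faulty parsing and a length-only trigger cannot be evaded by small variations in content; what to do with a hit (block at the boundary, or correlate with the device inventory) is a local policy decision.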
 
Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.

Note:
Brocade Manageability products are not vulnerable to the VxWorks vulnerabilities. However, since the environment that runs these products is not under Brocade's control, Brocade recommends that customers apply the recommendations of the vendors of that environment.

Revision History

Version   Change               Date
1.0       Initial Publication  July 30, 2019