Wind River VXWorks IPnet TCP/IP STACK Vulnerabilities
Currently available information suggests potential for buffer/heap overflows, race conditions, and NULL-pointer dereferencing that cause system or applications to crash or network connectivity issues due to improper network packets being sent. Current information also suggests access to the local LAN segment would be necessary for exploitation.
The 11 CVEs that were reported for these flaws are CVE-2019-12255 through CVE-2019-12265. Exploitability scores are not yet available for these CVEs.
One of more of these 11 vulnerabilities may affect products with the following:
- All versions of VxWorks under CURRENT support (126.96.36.199, Vx7 SR540, Vx7 SR610)
- Older, End-of-Life versions of VxWorks back to 6.5
- All versions of the discontinued product Advanced Networking Technology (ANT)
- IPnet when sold as a standalone TCP/IP network stack
- The VxWorks bootrom network stack
VXWorks 5.3 through 6.4 and all VXWorks Cert versions are NOT affected by these 11 vulnerabilities.
Software releases are available for:
- WorkCentre 3335/3345, WorkCentre 3215/3225, WorkCentre 4265, WorkCentre 6605, WorkCentre 3615, WorkCentre 3315/3325, WorkCentre 4250/4260, WorkCentre 3025BI, WorkCentre 3205NI, WorkCentre 3215/3225
- Xerox B1022/B1025
- Xerox Phaser 3635MFP, Xerox Phaser 4600/4620, Xerox Phaser 4622, Xerox Phaser 3330, Xerox Phaser 3320, Xerox Phaser 6600, Xerox Phaser 3610, Xerox Phaser 3020, Xerox Phaser 3052/3060
- Xerox Color C60/C70
Plans are underway to implement the patches created by Wind River to address the affected Xerox products. Software releases containing the fixes for these vulnerabilities will continue to be rolled out.
- Make sure to place your devices behind an external firewall and add a rule to drop/block any TCP-segment where the “Urgent Data” flag URG-flag is
- If your VXWorks version has an internal firewall, make sure that it is also enabled and add the rule to drop/block any TCP-segment where the “Urgent Data” flag URG-flag is set adding the following rule: ‘block in quick proto tcp all flags U/U’.
Always consult your IT department as appropriate.
This notice will be updated as further information becomes available. Please visit the Xerox Security Web Site at https://www.xerox.com/Security for additional updates.