CNVD-2019-25706 — Vulnetix

CNVD-2019-25706 PUBLISHED

Wind River Systems VxWorks是美国风河系统（Wind River Systems）公司的一套嵌入式实时操作系统（RTOS）。 Wind River Systems VxWorks中存在参数注入漏洞。该漏洞源于外部输入数据构造命令参数的过程中，网络系统或产品未正确过滤参数中的特殊字符。攻击者可利用该漏洞执行非法命令。

Affected Products

Vendor	Product	Versions
	Wind River Systems Wind River Systems VxWorks 6.9
	Wind River Systems Wind River Systems VxWorks 6.7
	Wind River Systems Wind River Systems VxWorks 6.8
	Wind River Systems Wind River Systems VxWorks 6.6

Timeline

Jul 31, 2019 CVE ID Reserved
Aug 2, 2019 CVE Published

References

https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/ url
CVE-2019-12264 url

Open in Interactive Console →