Dashboard Toolbox - Query for URGENT/11

Document created by DMFezzaReed Employee on Jul 30, 2019

11 Zero-Day Vulnerabilities Impacting VxWorks, the Most Widely Used Real-Time Operating System (RTOS) 

https://armis.com/urgent11/ 

 

Excerpt from https://thehackernews.com/2019/07/vxworks-rtos-vulnerability.html?m=1:

 

Critical Remote Code Execution Flaws:

  • Stack overflow in the parsing of IPv4 options (CVE-2019-12256)
  • Four memory corruption vulnerabilities stemming from erroneous handling of TCP's Urgent Pointer field (CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263)
  • Heap overflow in DHCP Offer/ACK parsing in ipdhcpc (CVE-2019-12257)


DoS, Information Leak, and Logical Flaws:

  • TCP connection DoS via malformed TCP options (CVE-2019-12258)
  • Handling of unsolicited Reverse ARP replies (Logical Flaw) (CVE-2019-12262)
  • Logical flaw in IPv4 assignment by the ipdhcpc DHCP client (CVE-2019-12264)
  • DoS via NULL dereference in IGMP parsing (CVE-2019-12259)
  • IGMP Information leak via IGMPv3 specific membership report (CVE-2019-12265)

 

The Qualys Vulnerability Signatures team is working to create the appropriate detections. If you want to get ahead of the curve, I offer the following query, which can be applied to widgets in AssetView and Vulnerability Management dashboards:

 

vulnerabilities.vulnerability:(cveIds:CVE-2019-12255 OR cveIds:CVE-2019-12256 OR cveIds:CVE-2019-12257 OR cveIds:CVE-2019-12258 OR cveIds:CVE-2019-12259 OR cveIds:CVE-2019-12260 OR cveIds:CVE-2019-12261 OR cveIds:CVE-2019-12262 OR cveIds:CVE-2019-12263 OR cveIds:CVE-2019-12264 OR cveIds:CVE-2019-12265)

 

You can add further tokens or filters to the query or the widget to focus on detections that align with your security policies.
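To give the remote code execution flaws their own widget and to confirm that a query still covers every CVE in the advisory list, the query can be generated from the list instead of typed by hand. The Python script below is an added example, not part of the original post and not a Qualys tool; the function names and the RCE/OTHER group labels are assumptions, and the advisory text is copied from the list above.

```python
import re

# Advisory list copied from the page; the RCE/OTHER group labels are assumed names.
ADVISORY = """\
RCE:
Stack overflow in the parsing of IPv4 options (CVE-2019-12256)
Four memory corruption vulnerabilities stemming from erroneous handling of TCP's Urgent Pointer field (CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263)
Heap overflow in DHCP Offer/ACK parsing in ipdhcpc (CVE-2019-12257)
OTHER:
TCP connection DoS via malformed TCP options (CVE-2019-12258)
Handling of unsolicited Reverse ARP replies (Logical Flaw) (CVE-2019-12262)
Logical flaw in IPv4 assignment by the ipdhcpc DHCP client (CVE-2019-12264)
DoS via NULL dereference in IGMP parsing (CVE-2019-12259)
IGMP Information leak via IGMPv3 specific membership report (CVE-2019-12265)
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
GROUP_RE = re.compile(r"^([A-Z]+):$")

def cves_by_group(text):
    """Return {group label: [CVE ids in order of appearance, de-duplicated]}."""
    groups, current = {}, None
    for line in text.splitlines():
        header = GROUP_RE.match(line.strip())
        if header:
            current = header.group(1)
            groups[current] = []
        elif current is not None:
            for cve in CVE_RE.findall(line):
                if cve not in groups[current]:
                    groups[current].append(cve)
    return groups

def build_query(cves):
    """Build a widget query in the syntax used on this page."""
    if not cves:
        raise ValueError("refusing to build an empty query")
    # Sort numerically by year and sequence so mixed-length ids order correctly.
    ordered = sorted(set(cves), key=lambda c: tuple(int(p) for p in c.split("-")[1:]))
    return "vulnerabilities.vulnerability:(" + " OR ".join(f"cveIds:{c}" for c in ordered) + ")"

def missing_from_query(query, cves):
    """List the CVE ids that an existing query does not mention."""
    return sorted(set(cves) - set(CVE_RE.findall(query)))

if __name__ == "__main__":
    for group, cves in cves_by_group(ADVISORY).items():
        print(f"{group}: {build_query(cves)}")
```

Running `missing_from_query` against a query already saved in a widget shows which of the 11 CVEs it would miss after an edit.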
