August 9, 2019
⚠️ VxWorks IPnet: Urgent/11 Vulnerability ⚠️
Security Practice Lead
On July 29th, Armis Labs research team reported 11 zero-day vulnerabilities in VxWorks. This suite of 11 vulnerabilities is also known as “URGENT/11”. These vulnerabilities reside in VxWorks’ TCP/IP stack (IPnet), impacting all versions since VxWorks version 6.5.
Six of the vulnerabilities are classified as critical and enable Remote Code Execution (RCE). The remaining vulnerabilities are classified as denial of service, information leaks or logical flaws. URGENT/11 is serious as it enables attackers to take over devices with no user interaction required.
A more detailed description of these vulnerabilities and currently recommended remediation actions can be found on the Armis site.
Avaya & Extreme Customers
For our Avaya and Extreme customers, please see the detailed information below relating to specific models/systems. Read the Product Support Notice here.
Vulnerabilities & recommended remediation steps:
- VxWorks based and CoRes Call Servers, Media Gateways and Media Cards are potentially vulnerable to such attacks. The issue is present across several releases including 5.x, 6.x, 7.x
- Communication Server 1000 R7.6 is End of Manufacturer Support for software since April 2019; any software version prior to R7.6 is End of Manufacturer Support for software for a minimum of five years now. For all software versions it is recommended to block via firewall any traffic to ports (ELAN or TLAN) that are not required for call processing or system management; including the RPC portmapper UDP/TCP ports (111) and the custom TCP ports used by RPC services (32788/32789) specifically for this issue.
Extreme EOS Platforms
S-Series, K-Series, and 7100
- CVEs: 12256, 12260 – Not Vulnerable due to VxWorks version
- CVE: 12259 – Not vulnerable (EOS prevents assigning multicast addresses to the host)
- CVE: 12262 – Vulnerable, but can be mitigated with a Policy rule. A fix will be available in the next EOS release, v8.63.07
- CVEs: 12257, 12265 – Vulnerable but can be mitigated with host ACLs.
- CVEs: 12255, 12261, 12263 – Vulnerable, and a fix will be available in next EOS release, v8.63.07
- CVE: 12264 – Further investigation required
- CVE: 12258 – Vulnerable
Extreme ERS Platforms
ERS 35xx, ERS 36xx, ERS 48xx, ERS 49xx, ERS59xx and ERS 86xx
- CVEs: 12256, 12260 – Not Vulnerable
- CVEs: 12257, 12259, 12264, 12263, 12265 – Investigating
- CVEs: 12262, 12255, 12261 – Vulnerable, but can be mitigated via ACL
- CVE: 12258 – Vulnerable. No mitigation is currently available.
VN-2019-002: Vulnerabilities in Wind River VxWorks – Link
We will continue to communicate with our manufacturing partners and updates will be added to this post. If you have any questions related to your specific environment, please contact your designated Service or Account Manager.