CVE-2020-11898 (GCVE-0-2020-11898)
Vulnerability from cvelistv5 – Published: 2020-06-17 10:26 – Updated: 2024-08-04 11:42- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/257161/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.treck.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
},
{
"name": "VU#257161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T23:58:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/257161/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.treck.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
},
{
"name": "VU#257161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kb.cert.org/vuls/id/257161/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/257161/"
},
{
"name": "https://www.treck.com",
"refsource": "MISC",
"url": "https://www.treck.com"
},
{
"name": "https://jsof-tech.com/vulnerability-disclosure-policy/",
"refsource": "MISC",
"url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
},
{
"name": "VU#257161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"name": "https://www.jsof-tech.com/ripple20/",
"refsource": "MISC",
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200625-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
},
{
"name": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us"
},
{
"name": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11898",
"datePublished": "2020-06-17T10:26:18.000Z",
"dateReserved": "2020-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2020-AVI-643
Vulnerability from certfr_avis - Published: 2020-10-14 - Updated: 2020-10-14
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service, un contournement de la politique de sécurité, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Acti9 Smartlink SI D et SI B 002.004.002 et versions antérieures | ||
| Schneider Electric | N/A | Acti9 PowerTag Link / Link HD 001.008.007 et versions antérieures | ||
| Schneider Electric | N/A | Modicon Momentum Ethernet MDI | ||
| Schneider Electric | N/A | IFE Gateway toutes versions | ||
| Schneider Electric | N/A | Wiser Energy IP module par Schneider Electric (EER31800) toutes versions | ||
| Schneider Electric | N/A | TeSys T LTMR08EBD Motor Controller toutes versions | ||
| Schneider Electric | N/A | Acti9 Smartlink EL B 1.2.1 et versions antérieures | ||
| Schneider Electric | N/A | Modicon Quantum Co-processors ref. 140CPU6 | ||
| Schneider Electric | N/A | Premium processors avec Ethernet COPRO intégré (TSXP574634, TSXP575634, TSXP576634) versions antérieures à 6.1 | ||
| Schneider Electric | N/A | Gateway Connector par Elko (EKO01827) toutes versions | ||
| Schneider Electric | N/A | Network Management Card 3 (NMC3) SmartSlot (modèles AP9640/AP9640J, AP9641/AP9641J) AOS 1.3.0.6 et versions antérieures | ||
| Schneider Electric | N/A | Premium communication modules TSXETY4103 versions antérieures à 6.2, TSXETY5103 versions antérieures à 6.4 | ||
| Schneider Electric | N/A | Embedded NMC1 (Battery Management System, AP9921X, Rack Automatic Transfer Switches, AP77XX, AP9320, AP9340, AP9361, NetBotz NBRK0200, NetworkAir, InRow) AOS 3.9.2 et version antérieures | ||
| Schneider Electric | Modicon M340 | Modicon M340 CPU ref. BMXP34 | ||
| Schneider Electric | N/A | ACE850 Sepam communication interface toutes versions | ||
| Schneider Electric | N/A | Embedded NMC1 (Metered/Switched Rack PDUs with embedded NMC1, AP78XX, AP79XX) AOS 3.9.2 et versions antérieures | ||
| Schneider Electric | N/A | EcoStruxure Building SmartX IP MP et IP RP Controllers toutes versions | ||
| Schneider Electric | N/A | Wiser Energy 1.5.0 et versions antérieures | ||
| Schneider Electric | N/A | Embedded NMC2 (2G Metered/Switched Rack PDUs with embedded NMC2, AP84XX, AP86XX, AP88XX, AP89XX) | ||
| Schneider Electric | N/A | EcoStruxure Machine Expert (précédemment SoMachine et SoMachine Motion) toutes versions | ||
| Schneider Electric | N/A | XUPH001 OsSense communication module toutes versions | ||
| Schneider Electric | N/A | XGCS850C201 OsiSense RFID compact smart antenna toutes versions | ||
| Schneider Electric | N/A | PowerLogic EGX300 Ethernet Gateway toutes versions | ||
| Schneider Electric | N/A | Centrale de mesure PowerLogic PM5000 series toutes versions | ||
| Schneider Electric | N/A | M340 Communication Ethernet modules BMX NOE 0100 (H) versions antérieures à 3.3, BMX NOE 0110 (H) versions antérieures à 6.5, BMX NOC 0401 versions antérieures à 2.10 | ||
| Schneider Electric | Modicon M340 | Modicon M340 Ethernet communication Modules ref. BMXNOC, BMXNOE, BMXNOR | ||
| Schneider Electric | N/A | EcoStruxure™Power Monitoring Expert versions 7.x, 8.x et 9.0 | ||
| Schneider Electric | N/A | SCADAPack 32 RTUsAll versions 2.24 et versions antérieures | ||
| Schneider Electric | N/A | ATV630/650/660/680/6A0/6B0 Altivar Process Drives 2.6IE31 et versions antérieures | ||
| Schneider Electric | N/A | ATV340E Altivar Machine Drives 3.1IE23 et versions antérieures | ||
| Schneider Electric | N/A | M340 CPUs (BMX P34x) micologiciel versions antérieures à 3.20 | ||
| Schneider Electric | N/A | EcoStruxure™Power SCADA Operation with Advanced Reporting and Dashboards Module version 9.0 | ||
| Schneider Electric | N/A | Embedded NMC2 (Battery Manager, AP9922, Rack Automatic Transfer Switches, AP44XX, NetBotz NBRK0250) AOS 6.8.8 et version antérieures | ||
| Schneider Electric | N/A | Power Manager versions 1.1, 1.2 et 1.3 | ||
| Schneider Electric | N/A | AOS 6.8.8 et versions antérieures | ||
| Schneider Electric | N/A | ATV930/950/960/980/9A0/9B0 Altivar Process Drives 3.1IE24 et versions antérieures | ||
| Schneider Electric | N/A | Acti9 Smartlink IP, Acti9 Smartlink EL B et EL D, Acti9 Smartlink SI B et SI D toutes versions | ||
| Schneider Electric | N/A | Smart-UPS et Symmetra UPS Network Management Card 1 (NMC1) SmartSlot (modèles AP9617 (fin de support Nov 2011), AP9619 (fin de support Sep 2012), AP9618 (fin de support Jan 2017), Audio/Video Network Management Enabled products (S20BLK, G50NETB2, G50NETB-20A2)) AOS 3.9.2 et versions antérieures | ||
| Schneider Electric | N/A | Modicon Quantum Ethernet communication modules ref.140NOE et 140NOC | ||
| Schneider Electric | N/A | eIFE Ethernet Interface pour disjoncteurs MasterPact MTZ drawout toutes versions | ||
| Schneider Electric | N/A | EGX150/Link150 Ethernet Gateway toutes versions | ||
| Schneider Electric | N/A | EcoStruxure™Energy Expert version 2.0 | ||
| Schneider Electric | N/A | Modicon Premium Co-processors ref. TSXP et TSXH | ||
| Schneider Electric | N/A | Quantum communication modules 140NOE771x1 versions antérieures à 7.1, 140NOC78x00 versions antérieures à 1.74, 140NOC77101 versions antérieures à 1.08 | ||
| Schneider Electric | N/A | Wiser Link 1.5.0 et versions antérieures | ||
| Schneider Electric | N/A | Modicon M241 et M251 Logic Controller micrologiciel versions antérieures à 5.0.8.4 | ||
| Schneider Electric | N/A | Modicon Premium Ethernet communication modules ref. TSXETY | ||
| Schneider Electric | N/A | Andover Continuum controller (NetController 1 (NC1) = modèle CX9900, NetController 2 (NC2) = modèle CX9680, ACX2 = modèles ACX5720 et ACX5740, séries CX9200, séries CX9400, CX9924, CX9702, séries BCX4040, séries BCX9640) toutes versions | ||
| Schneider Electric | N/A | IFE Ethernet Interface pour ComPact, PowerPact, et disjoncteurs MasterPact toutes versions | ||
| Schneider Electric | N/A | Acti9 PowerTag Link C et Link HD toutes versions | ||
| Schneider Electric | N/A | EcoStruxure Machine SCADA Expert toutes versions | ||
| Schneider Electric | N/A | Wiser Energy IP module par Clipsal (EER72600) toutes versions | ||
| Schneider Electric | N/A | Quantum processors avec Ethernet COPRO intégré 140CPU65xxxxx versions antérieures à 6.1 | ||
| Schneider Electric | N/A | ZBRCETH Modbus TCP communication module for ZBRN1 Harmony Hub 02.03 et versions antérieures | ||
| Schneider Electric | N/A | ATV6000 Medium Voltage AltivarProcess Drives 1.1IE02 et versions antérieures | ||
| Schneider Electric | N/A | StruxureWare™ PowerSCADA Expert with Advanced Reporting and Dashboards Module versions 8.x | ||
| Schneider Electric | N/A | E+PLC400, E+PLC100 et E+PLC_Setup toutes versions | ||
| Schneider Electric | N/A | TM3BC bus coupler module EIP, SL et CANOpen toutes versions | ||
| Schneider Electric | N/A | VW3A3720, VW3A3721 Altivar ProcessCommunication Modules 1.15IE18 et versions antérieures |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acti9 Smartlink SI D et SI B 002.004.002 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Acti9 PowerTag Link / Link HD 001.008.007 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Momentum Ethernet MDI",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "IFE Gateway toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser Energy IP module par Schneider Electric (EER31800) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "TeSys T LTMR08EBD Motor Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Acti9 Smartlink EL B 1.2.1 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Quantum Co-processors ref. 140CPU6",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Premium processors avec Ethernet COPRO int\u00e9gr\u00e9 (TSXP574634, TSXP575634, TSXP576634) versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Gateway Connector par Elko (EKO01827) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Network Management Card 3 (NMC3) SmartSlot (mod\u00e8les AP9640/AP9640J, AP9641/AP9641J) AOS 1.3.0.6 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Premium communication modules TSXETY4103 versions ant\u00e9rieures \u00e0 6.2, TSXETY5103 versions ant\u00e9rieures \u00e0 6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Embedded NMC1 (Battery Management System, AP9921X, Rack Automatic Transfer Switches, AP77XX, AP9320, AP9340, AP9361, NetBotz NBRK0200, NetworkAir, InRow) AOS 3.9.2 et version ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 CPU ref. BMXP34",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ACE850 Sepam communication interface toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Embedded NMC1 (Metered/Switched Rack PDUs with embedded NMC1, AP78XX, AP79XX) AOS 3.9.2 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Building SmartX IP MP et IP RP Controllers toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser Energy 1.5.0 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Embedded NMC2 (2G Metered/Switched Rack PDUs with embedded NMC2, AP84XX, AP86XX, AP88XX, AP89XX)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Machine Expert (pr\u00e9c\u00e9demment SoMachine et SoMachine Motion) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "XUPH001 OsSense communication module toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "XGCS850C201 OsiSense RFID compact smart antenna toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PowerLogic EGX300 Ethernet Gateway toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Centrale de mesure PowerLogic PM5000 series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "M340 Communication Ethernet modules BMX NOE 0100 (H) versions ant\u00e9rieures \u00e0 3.3, BMX NOE 0110 (H) versions ant\u00e9rieures \u00e0 6.5, BMX NOC 0401 versions ant\u00e9rieures \u00e0 2.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 Ethernet communication Modules ref. BMXNOC, BMXNOE, BMXNOR",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure\u2122Power Monitoring Expert versions 7.x, 8.x et 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SCADAPack 32 RTUsAll versions 2.24 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ATV630/650/660/680/6A0/6B0 Altivar Process Drives 2.6IE31 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ATV340E Altivar Machine Drives 3.1IE23 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "M340 CPUs (BMX P34x) micologiciel versions ant\u00e9rieures \u00e0 3.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure\u2122Power SCADA Operation with Advanced Reporting and Dashboards Module version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Embedded NMC2 (Battery Manager, AP9922, Rack Automatic Transfer Switches, AP44XX, NetBotz NBRK0250) AOS 6.8.8 et version ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Power Manager versions 1.1, 1.2 et 1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "AOS 6.8.8 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ATV930/950/960/980/9A0/9B0 Altivar Process Drives 3.1IE24 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Acti9 Smartlink IP, Acti9 Smartlink EL B et EL D, Acti9 Smartlink SI B et SI D toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Smart-UPS et Symmetra UPS Network Management Card 1 (NMC1) SmartSlot (mod\u00e8les AP9617 (fin de support Nov 2011), AP9619 (fin de support Sep 2012), AP9618 (fin de support Jan 2017), Audio/Video Network Management Enabled products (S20BLK, G50NETB2, G50NETB-20A2)) AOS 3.9.2 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Quantum Ethernet communication modules ref.140NOE et 140NOC",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "eIFE Ethernet Interface pour disjoncteurs MasterPact MTZ drawout toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EGX150/Link150 Ethernet Gateway toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure\u2122Energy Expert version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Premium Co-processors ref. TSXP et TSXH",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Quantum communication modules 140NOE771x1 versions ant\u00e9rieures \u00e0 7.1, 140NOC78x00 versions ant\u00e9rieures \u00e0 1.74, 140NOC77101 versions ant\u00e9rieures \u00e0 1.08",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser Link 1.5.0 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M241 et M251 Logic Controller micrologiciel versions ant\u00e9rieures \u00e0 5.0.8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Premium Ethernet communication modules ref. TSXETY",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Andover Continuum controller (NetController 1 (NC1) = mod\u00e8le CX9900, NetController 2 (NC2) = mod\u00e8le CX9680, ACX2 = mod\u00e8les ACX5720 et ACX5740, s\u00e9ries CX9200, s\u00e9ries CX9400, CX9924, CX9702, s\u00e9ries BCX4040, s\u00e9ries BCX9640) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "IFE Ethernet Interface pour ComPact, PowerPact, et disjoncteurs MasterPact toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Acti9 PowerTag Link C et Link HD toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Machine SCADA Expert toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser Energy IP module par Clipsal (EER72600) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Quantum processors avec Ethernet COPRO int\u00e9gr\u00e9 140CPU65xxxxx versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ZBRCETH Modbus TCP communication module for ZBRN1 Harmony Hub 02.03 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ATV6000 Medium Voltage AltivarProcess Drives 1.1IE02 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "StruxureWare\u2122 PowerSCADA Expert with Advanced Reporting and Dashboards Module versions 8.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "E+PLC400, E+PLC100 et E+PLC_Setup toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "TM3BC bus coupler module EIP, SL et CANOpen toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "VW3A3720, VW3A3721 Altivar ProcessCommunication Modules 1.15IE18 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7547"
},
{
"name": "CVE-2020-14515",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14515"
},
{
"name": "CVE-2020-14513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14513"
},
{
"name": "CVE-2020-7548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7548"
},
{
"name": "CVE-2020-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7545"
},
{
"name": "CVE-2017-6028",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6028"
},
{
"name": "CVE-2020-14517",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14517"
},
{
"name": "CVE-2020-14519",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14519"
},
{
"name": "CVE-2020-7546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7546"
},
{
"name": "CVE-2020-14509",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14509"
},
{
"name": "CVE-2020-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16233"
},
{
"name": "CVE-2020-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7533"
},
{
"name": "CVE-2020-11898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11898"
},
{
"name": "CVE-2020-11896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11896"
}
],
"initial_release_date": "2020-10-14T00:00:00",
"last_revision_date": "2020-10-14T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-643",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service, un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-287-02 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-02/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2017-075-03 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2017-075-03/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-287-03 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-03/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-287-04 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-287-01 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-175-01 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-175-01/"
}
]
}
CERTFR-2020-AVI-375
Vulnerability from certfr_avis - Published: 2021-01-08 - Updated: 2021-01-08
Le 16 juin 2020, des chercheurs ont annoncé la découverte de dix-neuf vulnérabilités dans l'implémentation de la pile TCP/IP de Treck.
Ce composant est utilisé dans de nombreux systèmes embarqués et objets connectés, dont certains équipements médicaux et équipements de contrôle industriel. Les vulnérabilités les plus critiques permettent une exécution de code arbitraire à distance.
Lorsque des vulnérabilités sont découvertes dans un composant d'aussi bas niveau, il est très difficile de compiler une liste exhaustive de produits vulnérables. De plus, la simple présence de ce composant dans un produit n'implique pas forcément que celui-ci est vulnérable, parce que la vulnérabilité a déjà été corrigée ou encore parce que ce composant a été modifié et que la vulnérabilité n'est pas forcément atteignable.
Le CERT Carnegie Mellon ainsi que les chercheurs ont proposé sur leurs sites respectifs une liste de produits vulnérables et certains éditeurs ont déjà communiqué sur le statut de leurs produits (cf. section Documentation).
Parmi les dix-neuf vulnérabilités, les trois les plus critiques sont identifiées comme :
- CVE-2020-11896 : des datagrammes UDP fragmentés sur plusieurs paquets IP peuvent permettre une exécution de code arbitraire à distance ou un déni de service à distance sur des équipements avec une fonction d'IP Tunneling activée ;
- CVE-2020-11897 : des paquets IPv6 mal formés permettent une exécution de code arbitraire à distance [1] ;
- CVE-2020-11901 : une réponse DNS mal formée permet une exécution de code arbitraire à distance.
Si ces vulnérabilités sont jugées critiques, leur impact est atténué par les conditions d’exploitabilité.
Il convient donc de vérifier dans un premier temps si les équipements en bordure de réseau sont dans une configuration vulnérable. Si c'est le cas, il faut alors appliquer les mises à jour si elles sont disponibles ou mettre en œuvre les mesures de contournement.
[mise à jour du 26 octobre 2020] Les avis de sécurité Schneider Electric SEVD-2020-174-01 et SEVD-2020-175-01 ont été mis à jour le 22 octobre 2020 suite à la découverte d'impacts supplémentaires sur les produits Schneider. Des correctifs sont en cours de développement, certains ont déjà été publiés et des mesures de contournement sont identifiées et listées dans les avis à jour.
[1] cette vulnérabilité a été corrigée dans la version 5.0.1.35, sans être accompagnée d'un avis de sécurité à l'époque de sa mise à disposition.
Solution
Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions de la pile TCP/IP de Treck ant\u00e9rieures \u00e0 6.0.1.66",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11913",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11913"
},
{
"name": "CVE-2020-11910",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11910"
},
{
"name": "CVE-2020-11899",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11899"
},
{
"name": "CVE-2020-11908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11908"
},
{
"name": "CVE-2020-11906",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11906"
},
{
"name": "CVE-2020-11914",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11914"
},
{
"name": "CVE-2020-11897",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11897"
},
{
"name": "CVE-2020-11911",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11911"
},
{
"name": "CVE-2020-11900",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11900"
},
{
"name": "CVE-2020-11903",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11903"
},
{
"name": "CVE-2020-11912",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11912"
},
{
"name": "CVE-2020-11901",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11901"
},
{
"name": "CVE-2020-11904",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11904"
},
{
"name": "CVE-2020-11907",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11907"
},
{
"name": "CVE-2020-11905",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11905"
},
{
"name": "CVE-2020-11898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11898"
},
{
"name": "CVE-2020-11896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11896"
},
{
"name": "CVE-2020-11909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11909"
},
{
"name": "CVE-2020-11902",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11902"
}
],
"initial_release_date": "2021-01-08T00:00:00",
"last_revision_date": "2021-01-08T00:00:00",
"links": [
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11903",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11903"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11905",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11905"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-174-01 du 22 juin 2020, mis \u00e0 jour le 23 juin 2020 et mis \u00e0 jour le 22 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-174-01/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-175-01 du 23 juin 2020 mis \u00e0 jour le 22 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-175-01/"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11911",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11911"
},
{
"title": "Annonce de Moxa du 30 juin 2020",
"url": "https://www.moxa.com/en/support/support/security-advisory/moxas-response-regarding-the-ripple20-vulnerabilities"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11902",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11902"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2020-006 du 23 juin 2020",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"title": "Communication de Green Hills Software du 16 juin 2020",
"url": "https://support.ghs.com/psirt/PSA-2020-05/"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11897",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11897"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Treck du 16 juin 2020",
"url": "https://treck.com/vulnerability-response-information/"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11908"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11907",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11907"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11910",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11910"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2020-0007 du 08 juillet 2020",
"url": "https://security.paloaltonetworks.com/PAN-SA-2020-0007"
},
{
"title": "Communication de Braun du 12 juin 2020",
"url": "https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/Skyline%20Response_Outlook_6.9.2020_FINAL1.pdf"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11906",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11906"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11904",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11904"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 HP HPSBPI03666 du 12 juin 2020",
"url": "https://support.hp.com/in-en/document/c06640149"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-treck-ip-stack-JyBQ5GyC du 17 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11914",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11914"
},
{
"title": "Billet de blogue Ripple20 du 16 juin 2020",
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11898"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11912",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11912"
},
{
"title": "Avis de s\u00e9curit\u00e9 du CERT Carnegie Mellon du 16 juin 2020",
"url": "https://kb.cert.org/vuls/id/257161"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11900",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11900"
},
{
"title": "Avis de s\u00e9curit\u00e9 ICS-CERT ICSA-20-168-01 du 16 juin 2020",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-168-01"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11909"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11901",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11901"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11913",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11913"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11896"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-11899",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11899"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-168-01 du 22 juin 2020, mis \u00e0 jour le 23 juin 2020",
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SESB-2020-168-01_Treck_Vulnerabilities_Security_Bulletin.pdf\u0026p_Doc_Ref=SESB-2020-168-01"
}
],
"reference": "CERTFR-2020-AVI-375",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Le 16 juin 2020, des chercheurs ont annonc\u00e9 la d\u00e9couverte de dix-neuf\nvuln\u00e9rabilit\u00e9s dans l\u0027impl\u00e9mentation de la pile TCP/IP de Treck.\n\nCe composant est utilis\u00e9 dans de nombreux syst\u00e8mes embarqu\u00e9s et objets\nconnect\u00e9s, dont certains \u00e9quipements m\u00e9dicaux et \u00e9quipements de contr\u00f4le\nindustriel. Les vuln\u00e9rabilit\u00e9s les plus critiques permettent une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\nLorsque des vuln\u00e9rabilit\u00e9s sont d\u00e9couvertes dans un composant d\u0027aussi\nbas niveau, il est tr\u00e8s difficile de compiler une liste exhaustive de\nproduits vuln\u00e9rables. De plus, la simple pr\u00e9sence de ce composant dans\nun produit n\u0027implique pas forc\u00e9ment que celui-ci est vuln\u00e9rable, parce\nque la vuln\u00e9rabilit\u00e9 a d\u00e9j\u00e0 \u00e9t\u00e9 corrig\u00e9e ou encore parce que ce\ncomposant a \u00e9t\u00e9 modifi\u00e9 et que la vuln\u00e9rabilit\u00e9 n\u0027est pas forc\u00e9ment\natteignable.\n\nLe CERT Carneggie Mellon ainsi que les chercheurs ont propos\u00e9 sur leurs\nsites respectifs une liste de produits vuln\u00e9rables et certains \u00e9diteurs\nont d\u00e9j\u00e0 communiqu\u00e9 sur le statut de leurs produits (cf. 
section\nDocumentation).\n\nParmi les dix-neuf vuln\u00e9rabilit\u00e9s, les trois les plus critiques sont\nidentifi\u00e9es comme :\n\n- CVE-2020-11896 : des datagrammes UDP fragment\u00e9s sur plusieurs\n paquets IP peuvent permettre un ex\u00e9cution de code arbitraire \u00e0\n distance ou un d\u00e9ni de service \u00e0 distance sur des \u00e9quipements avec\n une fonction d\u0027IP Tunneling activ\u00e9e ;\n- CVE-2020-11897 : des paquets IPv6 mal form\u00e9s permettent une\n ex\u00e9cution de code arbitraire \u00e0 distance \\[1\\] ;\n- CVE-2020-11901 : une r\u00e9ponse DNS mal form\u00e9e permet une ex\u00e9cution de\n code arbitraire \u00e0 distance.\n\nSi ces vuln\u00e9rabilit\u00e9s sont jug\u00e9es critiques, leur impact est att\u00e9nu\u00e9 par\nles conditions d\u2019exploitabilit\u00e9.\n\nIl convient donc de v\u00e9rifier dans un premier temps si les \u00e9quipements en\nbordure de r\u00e9seau sont dans une configuration vuln\u00e9rable. Si c\u0027est le\ncas, il faut alors appliquer les mises \u00e0 jour si elles sont disponibles\nou mettre en \u0153uvre les mesures de contournement.\n\n\u003cstrong\u003e\\[mise \u00e0 jour du 26 octobre 2020\\]\u003c/strong\u003e Les avis de s\u00e9curit\u00e9 Schneider\nElectric SEVD-2020-174-01 et SEVD-2020-175-01 ont \u00e9t\u00e9 mis \u00e0 jour le 22\noctobre 2020 suite \u00e0 la d\u00e9couverte d\u0027impacts suppl\u00e9mentaires sur les\nproduits Schneider. Des correctifs sont en cours de d\u00e9veloppement,\ncertains ont d\u00e9j\u00e0 \u00e9t\u00e9 publi\u00e9s et des mesures de contournement sont\nidentifi\u00e9es et list\u00e9es dans les avis \u00e0 jour.\n\n\u00a0\n\n\\[1\\] cette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans la version 5.0.1.35, sans\n\u00eatre accompagn\u00e9e d\u0027un avis de s\u00e9curit\u00e9 \u00e0 l\u0027\u00e9poque de sa mise \u00e0\ndisposition.\n",
"title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans la pile TCP/IP de Treck",
"vendor_advisories": []
}
FKIE_CVE-2020-11898
Vulnerability from fkie_nvd - Published: 2020-06-17 11:15 - Updated: 2024-11-21 04:58
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt | ||
| cve@mitre.org | https://jsof-tech.com/vulnerability-disclosure-policy/ | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20200625-0006/ | ||
| cve@mitre.org | https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_us | ||
| cve@mitre.org | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC | Third Party Advisory | |
| cve@mitre.org | https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities | ||
| cve@mitre.org | https://www.jsof-tech.com/ripple20/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.kb.cert.org/vuls/id/257161 | ||
| cve@mitre.org | https://www.kb.cert.org/vuls/id/257161/ | Mitigation, Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.treck.com | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://jsof-tech.com/vulnerability-disclosure-policy/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200625-0006/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_us | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.jsof-tech.com/ripple20/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/257161 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/257161/ | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.treck.com | Product, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:treck:tcp\\/ip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51F9D0DF-D9F0-4183-AC07-C799EFFE36C8",
"versionEndExcluding": "6.0.1.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak."
},
{
"lang": "es",
"value": "La pila Treck TCP/IP versiones anteriores a 6.0.1.66, maneja inapropiadamente una Inconsistencia del Par\u00e1metro de Longitud de IPv4/ICMPv4, lo que podr\u00eda permitir a atacantes remotos desencadenar una filtraci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2020-11898",
"lastModified": "2024-11-21T04:58:51.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-17T11:15:10.147",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"source": "cve@mitre.org",
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"source": "cve@mitre.org",
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/257161/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.treck.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/257161/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.treck.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2020-11898
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2020-11898",
"description": "The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.",
"id": "GSD-2020-11898",
"references": [
"https://www.suse.com/security/cve/CVE-2020-11898.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-11898"
],
"details": "The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.",
"id": "GSD-2020-11898",
"modified": "2023-12-13T01:22:05.359858Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kb.cert.org/vuls/id/257161/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/257161/"
},
{
"name": "https://www.treck.com",
"refsource": "MISC",
"url": "https://www.treck.com"
},
{
"name": "https://jsof-tech.com/vulnerability-disclosure-policy/",
"refsource": "MISC",
"url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
},
{
"name": "VU#257161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"name": "https://www.jsof-tech.com/ripple20/",
"refsource": "MISC",
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200625-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
},
{
"name": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us"
},
{
"name": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:treck:tcp\\/ip:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.1.66",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11898"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.treck.com",
"refsource": "MISC",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.treck.com"
},
{
"name": "https://jsof-tech.com/vulnerability-disclosure-policy/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
},
{
"name": "https://www.jsof-tech.com/ripple20/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"name": "https://www.kb.cert.org/vuls/id/257161/",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/257161/"
},
{
"name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
"refsource": "CISCO",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200625-0006/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
},
{
"name": "VU#257161",
"refsource": "CERT-VN",
"tags": [],
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"name": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us",
"refsource": "MISC",
"tags": [],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us"
},
{
"name": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities",
"refsource": "MISC",
"tags": [],
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
},
"lastModifiedDate": "2021-07-21T11:39Z",
"publishedDate": "2020-06-17T11:15Z"
}
}
}
CNVD-2020-34254
Vulnerability from cnvd - Published: 2020-06-18
厂商已发布了漏洞修复程序,请及时关注更新: https://treck.com/vulnerability-response-information/
| Name | Treck TCP/IP stack <6.0.1.66 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-11898"
}
},
"description": "Treck TCP/IP\u662f\u7f8e\u56fdTreck\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u5d4c\u5165\u5f0f\u7cfb\u7edf\u7684TCP\uff08\u4f20\u8f93\u63a7\u5236\u534f\u8bae\uff09/IP\uff08\u7f51\u9645\u4e92\u8fde\u534f\u8bae\uff09\u5957\u4ef6\u3002\n\nTreck IPv4/ICMPv4\u6808\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406\u957f\u5ea6\u53c2\u6570\u7684\u5dee\u5f02\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u89e6\u53d1\u4fe1\u606f\u6cc4\u9732\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://treck.com/vulnerability-response-information/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-34254",
"openTime": "2020-06-18",
"patchDescription": "Treck TCP/IP\u662f\u7f8e\u56fdTreck\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u5d4c\u5165\u5f0f\u7cfb\u7edf\u7684TCP\uff08\u4f20\u8f93\u63a7\u5236\u534f\u8bae\uff09/IP\uff08\u7f51\u9645\u4e92\u8fde\u534f\u8bae\uff09\u5957\u4ef6\u3002\r\n\r\nTreck IPv4/ICMPv4\u6808\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406\u957f\u5ea6\u53c2\u6570\u7684\u5dee\u5f02\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u89e6\u53d1\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Treck IPv4/ICMPv4\u6808\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Treck TCP/IP stack \u003c6.0.1.66"
},
"referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-168-01",
"serverity": "\u9ad8",
"submitTime": "2020-06-17",
"title": "Treck IPv4/ICMPv4\u6808\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
GHSA-8HHV-42HQ-P4Q9
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.
{
"affected": [],
"aliases": [
"CVE-2020-11898"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-17T11:15:00Z",
"severity": "MODERATE"
},
"details": "The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.",
"id": "GHSA-8hhv-42hq-p4q9",
"modified": "2022-05-24T17:20:42Z",
"published": "2022-05-24T17:20:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11898"
},
{
"type": "WEB",
"url": "https://jsof-tech.com/vulnerability-disclosure-policy"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200625-0006"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
},
{
"type": "WEB",
"url": "https://www.jsof-tech.com/ripple20"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"type": "WEB",
"url": "https://www.treck.com"
},
{
"type": "WEB",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
CVE-2020-11898
Vulnerability from fstec - Published: 17.06.2020
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Treck Inc., Cisco Systems Inc., HP Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 6.0.1.66 (Treck TCP/IP), \u0434\u043e 21.5.27 (ASR 5000), \u0434\u043e 21.20.2 (ASR 5500), \u0434\u043e 21.20.2 (Cisco Virtual Packet Core), \u0434\u043e 3.82.01.08 (HP Color Laser MFP 178/179), \u0434\u043e 20200612 (HP Color LaserJet Pro M154), \u0434\u043e 20200603 (HP Color LaserJet Pro M155), \u0434\u043e 20200623 (HP Color LaserJet Pro M252), \u0434\u043e 20200612 (HP Color LaserJet Pro M254), \u0434\u043e 20200603 (HP Color LaserJet Pro M255), \u0434\u043e 20200612 (HP Color LaserJet Pro M452), \u0434\u043e 20200531 (HP Coolor LaserJet Pro MFP M176), \u0434\u043e 20200531 (HP Coolor LaserJet Pro MFP M177), \u0434\u043e 20200612 (HP Color LaserJet Pro MFP M180), \u0434\u043e 20200612 (HP Color LaserJet Pro MFP M181), \u0434\u043e 20200603 (HP Color LaserJet Pro MFP M182), \u0434\u043e 20200603 (HP Color LaserJet Pro MFP M183), \u0434\u043e 20200623 (HP Color LaserJet Pro MFP M277), \u0434\u043e 20200623 (HP Color LaserJet Pro MFP M274), \u0434\u043e 20200612 (HP Color LaserJet Pro MFP M280), \u0434\u043e 20200612 (HP Color LaserJet Pro MFP M281), \u0434\u043e 20200603 (HP Color LaserJet Pro MFP M282), \u0434\u043e 20200603 (HP Color LaserJet Pro MFP M283), \u0434\u043e 20200612 (HP Color LaserJet Pro MFP M377), \u0434\u043e 20200612 (HP Color LaserJet Pro MFP M477), \u0434\u043e 3.82.01.11 (HP Laser MFP 133), \u0434\u043e 3.82.01.11 (HP Laser MFP 135), \u0434\u043e 3.82.01.11 (HP Laser MFP 137), \u0434\u043e 20200531 (HP LaserJet Pro MFP M125), \u0434\u043e 20200531 (HP LaserJet Pro MFP M126), \u0434\u043e 20200531 (HP LaserJet Pro MFP M127), \u0434\u043e 20200531 (HP LaserJet Pro MFP M128), \u0434\u043e 3.82.11.04 (HP LaserJet MFP M72625-M72630), \u0434\u043e 20200617 (HP LaserJet Multifunction Printer series M1130), \u0434\u043e 20200617 (HP LaserJet Multifunction Printer series M1200), \u0434\u043e 20200714 (HP LaserJet Pro 400 M401), \u0434\u043e 20200714 (HP LaserJet Pro 400 MFP M425), 
\u0434\u043e 20200625 (HP LaserJet Pro 500 color MFP M570), \u0434\u043e 20200605 (HP LaserJet Pro M102), \u0434\u043e 20200605 (HP LaserJet Pro M104), \u0434\u043e 20200605 (HP LaserJet Pro M106), \u0434\u043e 20200617 (HP LaserJet Pro M12w), \u0434\u043e 20200609 (HP LaserJet Pro M15), \u0434\u043e 20200609 (HP LaserJet Pro M16), \u0434\u043e 20200609 (HP LaserJet Pro M17), \u0434\u043e 20200619 (HP LaserJet Pro M201), \u0434\u043e 20200619 (HP LaserJet Pro M202), \u0434\u043e 20200605 (HP LaserJet Pro M206), \u0434\u043e 20200605 (HP LaserJet Pro M118), \u0434\u043e 20200619 (HP LaserJet Pro M225), \u0434\u043e 20200619 (HP LaserJet Pro M226), \u0434\u043e 20200612 (HP LaserJet Pro M402), \u0434\u043e 20200612 (HP LaserJet Pro M403), \u0434\u043e 20200707 (HP LaserJet Pro M435), \u0434\u043e 20200612 (HP LaserJet Pro M501), \u0434\u043e 20200625 (HP LaserJet Pro M521), \u0434\u043e 20200707 (HP LaserJet Pro M701), \u0434\u043e 20200707 (HP LaserJet Pro M706), \u0434\u043e 20200605 (HP LaserJet Pro MFP M130), \u0434\u043e 20200605 (HP LaserJet Pro MFP M132), \u0434\u043e 20200605 (HP LaserJet Pro MFP M134), \u0434\u043e 20200531 (HP LaserJet Pro MFP M26), \u0434\u043e 20200609 (HP LaserJet Pro MFP M29), \u0434\u043e 20200609 (HP LaserJet Pro MFP M31), \u0434\u043e 20200612 (HP LaserJet Pro MFP M31), \u0434\u043e 20200612 (HP LaserJet Pro MFP M427), \u0434\u043e 20200617 (HP LaserJet Pro P1102), \u0434\u043e 20200617 (HP LaserJet Pro P1106), \u0434\u043e 20200617 (HP LaserJet Pro P1108), \u0434\u043e 20200605 (HP LaserJet Ultra MFP M230), \u0434\u043e 20200605 (HP LaserJet Pro MFP M227), \u0434\u043e 20200605 (HP LaserJet Pro MFP M148), \u0434\u043e 20200605 (HP LaserJet Pro MFP M149), \u0434\u043e 20200609 (HP Neverstop Laser 1000), \u0434\u043e 20200609 (HP Neverstop Laser 1020), \u0434\u043e 20200609 (HP Neverstop Laser 1200a), \u0434\u043e 20200609 (HP Neverstop Laser 1005c), \u0434\u043e 3.00.11.04 (Samsung MultiXpress SL-K302NR/GOV), \u0434\u043e 3.00.11.04 
(Samsung MultiXpress SL-K3250NR), \u0434\u043e 3.00.11.04 (Samsung MultiXpress SL-K3300NR), \u0434\u043e 3.00.11.08 (Samsung MultiXpress SL-X3220NR), \u0434\u043e 3.00.11.08 (Samsung MultiXpress SL-X3280NR), \u0434\u043e 3.00.05.06 (Samsung Printer proXpress SL-C3510ND), \u0434\u043e 3.00.05.06 (Samsung Printer proXpress SL-C3510ND/SLI), \u0434\u043e 3.00.05.06 (Samsung Printer proXpress SL-C4010N), \u0434\u043e 3.00.05.06 (Samsung Printer proXpress SL-C4010ND), \u0434\u043e 3.00.05.06 (Samsung Printer proXpress SL-C4010ND/GOV), \u0434\u043e 3.00.09.00 (Samsung Printer proXpress SL-C4010ND/GOV), \u0434\u043e 3.00.11.00 (Samsung ProXpress SL-C3060FR Color Laser Multifunction Printer), \u0434\u043e 3.00.11.00 (Samsung ProXpress SL-C3060ND Color Laser Multifunction Printer), \u0434\u043e 4.00.02.20 (Samsung proXpress SL series), \u0434\u043e 3.00.01.25 (Samsung proXpress SL-M4530ND), \u0434\u043e 3.00.01.14 (Samsung Xpress SL-M2835 Laser Printer), \u0434\u043e 3.00.01.18 (Samsung Xpress SL-M2885 Laser Multifunction Printer), \u0434\u043e 2023B (HP Deskjet 2540 All-in-One/ HP Deskjet 2545 All-in-One), \u0434\u043e 2021B (HP DeskJet 2600 All-in-One Printer), \u0434\u043e 2021D (HP DeskJet 2700 All-in-One Printer), \u0434\u043e 2021D (HP DeskJet Ink Advantage 2700 All-in-One series), \u0434\u043e 2021D (HP DeskJet Plus 4100 All-in-One series), \u0434\u043e 2021D (HP DeskJet Plus Ink Advantage 4100 All-in-One series), \u0434\u043e 2023A (HP Deskjet 3520 e-All-in-One), \u0434\u043e 2020C (HP DeskJet 3630 All-in-One Printer), \u0434\u043e 2022A (HP DeskJet 3790 series), \u0434\u043e 2023A (HP Deskjet 5520 e-All-in-One), \u0434\u043e 2027B (HP DeskJet GT 5820 All-in-One Printer), \u0434\u043e 2021B (HP DeskJet Ink Advantage 2600 All-in-One Printer), \u0434\u043e 2025A (HP Deskjet Ink Advantage 3540 e-All-in-One Printer), \u0434\u043e 2020C (HP DeskJet Ink Advantage 3630 All-in-One Printer), \u0434\u043e 2020B (HP DeskJet Ink Advantage 3700 All-in-One Printer series), 
\u0434\u043e 2021A (HP Deskjet Ink Advantage 3830 e-All-in-One Printer), \u0434\u043e 2023B (HP Deskjet Ink Advantage 4530 All-in-One Printer), \u0434\u043e 2022A (HP DeskJet Ink Advantage 4670 All-in-One Printer), \u0434\u043e 2023A (HP DeskJet Ink Advantage 5570 All-in-One Printer), \u0434\u043e 2020B (HP DeskJet Ink Advantage Ultra 4720 All-in-One Printer), \u0434\u043e 2025A (HP ENVY 4500 e-All-in-One Printer), \u0434\u043e 2023B (HP ENVY 4510 All-in-One Printer), \u0434\u043e 2023B (HP Envy 4520 All-in-One Printer), \u0434\u043e 2024A (HP ENVY 5530 e-All-in-One Printer), \u0434\u043e 2023A (HP ENVY 5540 All-in-One Printer), \u0434\u043e 2023A (HP ENVY 5640 e-All-in-One Printer), \u0434\u043e 2023A (HP ENVY 5660 e-All-in-One Printer), \u0434\u043e 2022A (HP ENVY 7640 e-All-in-One Printer series), \u0434\u043e 2020A (HP Ink Tank Wireless 410), \u0434\u043e 2020B (HP Officejet 200 Mobile Printer Series), \u0434\u043e 2020B (HP Officejet 202 Mobile Printer Series), \u0434\u043e 2020B (HP OfficeJet 250 Mobile Series), \u0434\u043e 2021A (HP Officejet 3830 e-All-in-One Printer), \u0434\u043e 2025A (HP Officejet 4630 e-All-in-One Printer), \u0434\u043e 2022A (HP OfficeJet 4650 All-in-One Printer), \u0434\u043e 2022A (HP Officejet 5740 e-All-in-One Printer series), \u0434\u043e 2020B (HP OfficeJet 6950 All-in-One), \u0434\u043e 2020C (HP OfficeJet 6960 All-in-One), \u0434\u043e 2020C (HP OfficeJet Pro 6960 All-in-One), \u0434\u043e 2020B (HP Officejet 7110 Wide Format ePrinter), \u0434\u043e 2022A (HP Officejet 7510 Wide Format e-All-in-One), \u0434\u043e 2022A (HP Officejet 7610 Wide Format e-All-in-One), \u0434\u043e 2021A (HP Officejet Pro 6230 / 6220 ePrinter), \u0434\u043e 2020C (HP OfficeJet Pro 6970 All-in-One Printer series), \u0434\u043e 2022A (HP Officejet Pro 8630 e-All-in-One), \u0434\u043e 2020A (HP OfficeJet Pro 8710 All-in-One Printer series), \u0434\u043e 2020A (HP OfficeJet Pro 8720 All-in-One Printer series), \u0434\u043e 2022A (HP OfficeJet Pro X451 
Printer), \u0434\u043e 2022A (HP OfficeJet Pro X551 Printer), \u0434\u043e 2022A (HP OfficeJet Pro X476 Multifunction Printer), \u0434\u043e 2022A (HP OfficeJet Pro X576 Multifunction Printer), \u0434\u043e 2024A (HP Photosmart 6520 e-All-in-One), \u0434\u043e 2020A (HP Smart Tank Wireless 450), \u0434\u043e 2023A (HP DesignJet series)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Treck TCP/IP:\nhttps://www.treck.com/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Cisco Systems Inc.:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC\n\n\u0414\u043b\u044f Hewlett-Packard Development Company L.P.:\nhttps://support.hp.com/us-en/document/c06640149",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.06.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.04.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.04.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-02073",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-11898",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Treck TCP/IP, ASR 5000, ASR 5500, Cisco Virtual Packet Core, HP Color Laser MFP 178/179, HP Color LaserJet Pro M154, HP Color LaserJet Pro M155, HP Color LaserJet Pro M252, HP Color LaserJet Pro M254, HP Color LaserJet Pro M255, HP Color LaserJet Pro M452, HP Coolor LaserJet Pro MFP M176, HP Coolor LaserJet Pro MFP M177, HP Color LaserJet Pro MFP M180, HP Color LaserJet Pro MFP M181, HP Color LaserJet Pro MFP M182, HP Color LaserJet Pro MFP M183, HP Color LaserJet Pro MFP M277, HP Color LaserJet Pro MFP M274, HP Color LaserJet Pro MFP M280, HP Color LaserJet Pro MFP M281, HP Color LaserJet Pro MFP M282, HP Color LaserJet Pro MFP M283, HP Color LaserJet Pro MFP M377, HP Color LaserJet Pro MFP M477, HP Laser MFP 133, HP Laser MFP 135, HP Laser MFP 137, HP LaserJet Pro MFP M125, HP LaserJet Pro MFP M126, HP LaserJet Pro MFP M127, HP LaserJet Pro MFP M128, HP LaserJet MFP M72625-M72630, HP LaserJet Multifunction Printer series M1130, HP LaserJet Multifunction Printer series M1200, HP LaserJet Pro 400 M401, HP LaserJet Pro 400 MFP M425, HP LaserJet Pro 500 color MFP M570, HP LaserJet Pro M102, HP LaserJet Pro M104, HP LaserJet Pro M106, HP LaserJet Pro M12w, HP LaserJet Pro M15, HP LaserJet Pro M16, HP LaserJet Pro M17, HP LaserJet Pro M201, HP LaserJet Pro M202, HP LaserJet Pro M206, HP LaserJet Pro M118, HP LaserJet Pro M225, HP LaserJet Pro M226, HP LaserJet Pro M402, HP LaserJet Pro M403, HP LaserJet Pro M435, HP LaserJet Pro M501, HP LaserJet Pro M521, HP LaserJet Pro M701, HP LaserJet Pro M706, HP LaserJet Pro MFP M130, HP LaserJet Pro MFP M132, HP LaserJet Pro MFP M134, HP LaserJet Pro MFP M26, HP LaserJet Pro MFP M29, HP LaserJet Pro MFP M31, HP LaserJet Pro MFP M427, HP LaserJet Pro P1102, HP LaserJet Pro P1106, HP LaserJet Pro P1108, HP LaserJet Ultra MFP M230, HP LaserJet Pro MFP M227, HP LaserJet Pro MFP M148, HP LaserJet Pro MFP M149, HP Neverstop Laser 1000, HP Neverstop Laser 1020, HP 
Neverstop Laser 1200a, HP Neverstop Laser 1005c, Samsung MultiXpress SL-K302NR/GOV, Samsung MultiXpress SL-K3250NR, Samsung MultiXpress SL-K3300NR, Samsung MultiXpress SL-X3220NR, Samsung MultiXpress SL-X3280NR, Samsung Printer proXpress SL-C3510ND, Samsung Printer proXpress SL-C3510ND/SLI, Samsung Printer proXpress SL-C4010N, Samsung Printer proXpress SL-C4010ND, Samsung Printer proXpress SL-C4010ND/GOV, Samsung ProXpress SL-C3060FR Color Laser Multifunction Printer, Samsung ProXpress SL-C3060ND Color Laser Multifunction Printer, Samsung proXpress SL series, Samsung proXpress SL-M4530ND, Samsung Xpress SL-M2835 Laser Printer, Samsung Xpress SL-M2885 Laser Multifunction Printer, HP Deskjet 2540 All-in-One/ HP Deskjet 2545 All-in-One, HP DeskJet 2600 All-in-One Printer, HP DeskJet 2700 All-in-One Printer, HP DeskJet Ink Advantage 2700 All-in-One series, HP DeskJet Plus 4100 All-in-One series, HP DeskJet Plus Ink Advantage 4100 All-in-One series, HP Deskjet 3520 e-All-in-One, HP DeskJet 3630 All-in-One Printer, HP DeskJet 3790 series, HP Deskjet 5520 e-All-in-One, HP DeskJet GT 5820 All-in-One Printer, HP DeskJet Ink Advantage 2600 All-in-One Printer, HP Deskjet Ink Advantage 3540 e-All-in-One Printer, HP DeskJet Ink Advantage 3630 All-in-One Printer, HP DeskJet Ink Advantage 3700 All-in-One Printer series, HP Deskjet Ink Advantage 3830 e-All-in-One Printer, HP Deskjet Ink Advantage 4530 All-in-One Printer, HP DeskJet Ink Advantage 4670 All-in-One Printer, HP DeskJet Ink Advantage 5570 All-in-One Printer, HP DeskJet Ink Advantage Ultra 4720 All-in-One Printer, HP ENVY 4500 e-All-in-One Printer, HP ENVY 4510 All-in-One Printer, HP Envy 4520 All-in-One Printer, HP ENVY 5530 e-All-in-One Printer, HP ENVY 5540 All-in-One Printer, HP ENVY 5640 e-All-in-One Printer, HP ENVY 5660 e-All-in-One Printer, HP ENVY 7640 e-All-in-One Printer series, HP Ink Tank Wireless 410, HP Officejet 200 Mobile Printer Series, HP Officejet 202 Mobile Printer Series, HP OfficeJet 250 Mobile 
Series, HP Officejet 3830 e-All-in-One Printer, HP Officejet 4630 e-All-in-One Printer, HP OfficeJet 4650 All-in-One Printer, HP Officejet 5740 e-All-in-One Printer series, HP OfficeJet 6950 All-in-One, HP OfficeJet 6960 All-in-One, HP OfficeJet Pro 6960 All-in-One, HP Officejet 7110 Wide Format ePrinter, HP Officejet 7510 Wide Format e-All-in-One, HP Officejet 7610 Wide Format e-All-in-One, HP Officejet Pro 6230 / 6220 ePrinter, HP OfficeJet Pro 6970 All-in-One Printer series, HP Officejet Pro 8630 e-All-in-One, HP OfficeJet Pro 8710 All-in-One Printer series, HP OfficeJet Pro 8720 All-in-One Printer series, HP OfficeJet Pro X451 Printer, HP OfficeJet Pro X551 Printer, HP OfficeJet Pro X476 Multifunction Printer, HP OfficeJet Pro X576 Multifunction Printer, HP Photosmart 6520 e-All-in-One, HP Smart Tank Wireless 450, HP DesignJet series",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 IPv4/ICMPv4 \u0441\u0442\u0435\u043a\u0430 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Treck TCP/IP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 IPv4/ICMPv4 \u0441\u0442\u0435\u043a\u0430 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Treck TCP/IP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.treck.com/\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC\nhttps://support.hp.com/us-en/document/c06640149",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,1)"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.