Vulnerability-Lookup

CVE-2020-11899 (GCVE-0-2020-11899)

Vulnerability from cvelistv5 – Published: 2020-06-17 10:27 – Updated: 2025-10-21 23:35

Summary

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE

Assigner

mitre

References

URL

Tags

	https://cwe.mitre.org/data/definitions/125.html	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/257161/	x_refsource_MISC
	https://www.treck.com	x_refsource_MISC
	https://jsof-tech.com/vulnerability-disclosure-policy/	x_refsource_MISC
	https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/257161	third-party-advisoryx_refsource_CERT-VN
	https://www.jsof-tech.com/ripple20/	x_refsource_MISC
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	http://www.arubanetworks.com/assets/alert/ARUBA-P…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2020062…	x_refsource_CONFIRM
	https://www.dell.com/support/article/de-de/sln321…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:42:00.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/257161/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.treck.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "name": "VU#257161",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/257161"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.jsof-tech.com/ripple20/"
          },
          {
            "name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-11899",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T19:52:23.602712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11899"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:41.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11899"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00.000Z",
            "value": "CVE-2020-11899 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-10T20:15:50.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cwe.mitre.org/data/definitions/125.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kb.cert.org/vuls/id/257161/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.treck.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
        },
        {
          "name": "VU#257161",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/257161"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.jsof-tech.com/ripple20/"
        },
        {
          "name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11899",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cwe.mitre.org/data/definitions/125.html",
              "refsource": "MISC",
              "url": "https://cwe.mitre.org/data/definitions/125.html"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/257161/",
              "refsource": "MISC",
              "url": "https://www.kb.cert.org/vuls/id/257161/"
            },
            {
              "name": "https://www.treck.com",
              "refsource": "MISC",
              "url": "https://www.treck.com"
            },
            {
              "name": "https://jsof-tech.com/vulnerability-disclosure-policy/",
              "refsource": "MISC",
              "url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
            },
            {
              "name": "VU#257161",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/257161"
            },
            {
              "name": "https://www.jsof-tech.com/ripple20/",
              "refsource": "MISC",
              "url": "https://www.jsof-tech.com/ripple20/"
            },
            {
              "name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200625-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
            },
            {
              "name": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11899",
    "datePublished": "2020-06-17T10:27:59.000Z",
    "dateReserved": "2020-04-19T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:41.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2020-11899",
      "cwes": "[\"CWE-125\"]",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-17",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2020-11899",
      "product": "IPv6",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.",
      "vendorProject": "Treck TCP/IP stack",
      "vulnerabilityName": "Treck TCP/IP stack Out-of-Bounds Read Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cwe.mitre.org/data/definitions/125.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/257161/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.treck.com\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://jsof-tech.com/vulnerability-disclosure-policy/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/257161\", \"name\": \"VU#257161\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}, {\"url\": \"https://www.jsof-tech.com/ripple20/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC\", \"name\": \"20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200625-0006/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T11:42:00.530Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-11899\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T19:52:23.602712Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11899\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-03T00:00:00.000Z\", \"value\": \"CVE-2020-11899 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11899\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:52:09.499Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://cwe.mitre.org/data/definitions/125.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/257161/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.treck.com\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jsof-tech.com/vulnerability-disclosure-policy/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/257161\", \"name\": \"VU#257161\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}, {\"url\": \"https://www.jsof-tech.com/ripple20/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC\", \"name\": \"20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200625-0006/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-07-10T20:15:50.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://cwe.mitre.org/data/definitions/125.html\", \"name\": \"https://cwe.mitre.org/data/definitions/125.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/257161/\", \"name\": \"https://www.kb.cert.org/vuls/id/257161/\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.treck.com\", \"name\": \"https://www.treck.com\", \"refsource\": \"MISC\"}, {\"url\": \"https://jsof-tech.com/vulnerability-disclosure-policy/\", \"name\": \"https://jsof-tech.com/vulnerability-disclosure-policy/\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/257161\", \"name\": \"VU#257161\", \"refsource\": \"CERT-VN\"}, {\"url\": \"https://www.jsof-tech.com/ripple20/\", \"name\": \"https://www.jsof-tech.com/ripple20/\", \"refsource\": \"MISC\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC\", \"name\": \"20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020\", \"refsource\": \"CISCO\"}, {\"url\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt\", \"name\": \"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200625-0006/\", \"name\": \"https://security.netapp.com/advisory/ntap-20200625-0006/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities\", \"name\": \"https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-11899\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-11899\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:35:41.992Z\", \"dateReserved\": \"2020-04-19T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2020-06-17T10:27:59.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2020-11899

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

Aliases

CVE-2020-11899

Aliases

CVE-2020-11899

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-11899",
    "description": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.",
    "id": "GSD-2020-11899",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-11899.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-11899"
      ],
      "details": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.",
      "id": "GSD-2020-11899",
      "modified": "2023-12-13T01:22:06.305797Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2020-11899",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-17",
      "product": "IPv6",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.",
      "vendorProject": "Treck TCP/IP stack",
      "vulnerabilityName": "Treck TCP/IP stack Out-of-Bounds Read Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-11899",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cwe.mitre.org/data/definitions/125.html",
            "refsource": "MISC",
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "name": "https://www.kb.cert.org/vuls/id/257161/",
            "refsource": "MISC",
            "url": "https://www.kb.cert.org/vuls/id/257161/"
          },
          {
            "name": "https://www.treck.com",
            "refsource": "MISC",
            "url": "https://www.treck.com"
          },
          {
            "name": "https://jsof-tech.com/vulnerability-disclosure-policy/",
            "refsource": "MISC",
            "url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
          },
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
          },
          {
            "name": "VU#257161",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/257161"
          },
          {
            "name": "https://www.jsof-tech.com/ripple20/",
            "refsource": "MISC",
            "url": "https://www.jsof-tech.com/ripple20/"
          },
          {
            "name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
          },
          {
            "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt",
            "refsource": "CONFIRM",
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20200625-0006/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
          },
          {
            "name": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities",
            "refsource": "MISC",
            "url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:treck:tcp\\/ip:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.1.66",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11899"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.treck.com",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Vendor Advisory"
              ],
              "url": "https://www.treck.com"
            },
            {
              "name": "https://jsof-tech.com/vulnerability-disclosure-policy/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
            },
            {
              "name": "https://www.jsof-tech.com/ripple20/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.jsof-tech.com/ripple20/"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/257161/",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/257161/"
            },
            {
              "name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
              "refsource": "CISCO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html",
              "refsource": "CONFIRM",
              "tags": [
                "Not Applicable"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200625-0006/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
            },
            {
              "name": "VU#257161",
              "refsource": "CERT-VN",
              "tags": [],
              "url": "https://www.kb.cert.org/vuls/id/257161"
            },
            {
              "name": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
            },
            {
              "name": "https://cwe.mitre.org/data/definitions/125.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://cwe.mitre.org/data/definitions/125.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2022-07-10T21:15Z",
      "publishedDate": "2020-06-17T11:15Z"
    }
  }
}

CNVD-2020-34253

Vulnerability from cnvd - Published: 2020-06-18

Title

Treck IPv6 stack输入验证错误漏洞

Description

Treck TCP/IP是美国Treck公司的一套专用于嵌入式系统的TCP（传输控制协议）/IP（网际互连协议）套件。 Treck IPv6 stack中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可利用该漏洞导致越界读取和拒绝服务。

Severity

中

Patch Name

Treck IPv6 stack输入验证错误漏洞的补丁

Patch Description

Treck TCP/IP是美国Treck公司的一套专用于嵌入式系统的TCP（传输控制协议）/IP（网际互连协议）套件。 Treck IPv6 stack中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可利用该漏洞导致越界读取和拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://treck.com/vulnerability-response-information/

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-168-01

Impacted products

Name
Treck TCP/IP stack <6.0.1.66

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11899"
    }
  },
  "description": "Treck TCP/IP\u662f\u7f8e\u56fdTreck\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u5d4c\u5165\u5f0f\u7cfb\u7edf\u7684TCP\uff08\u4f20\u8f93\u63a7\u5236\u534f\u8bae\uff09/IP\uff08\u7f51\u9645\u4e92\u8fde\u534f\u8bae\uff09\u5957\u4ef6\u3002\n\nTreck IPv6 stack\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8d8a\u754c\u8bfb\u53d6\u548c\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://treck.com/vulnerability-response-information/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-34253",
  "openTime": "2020-06-18",
  "patchDescription": "Treck TCP/IP\u662f\u7f8e\u56fdTreck\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u5d4c\u5165\u5f0f\u7cfb\u7edf\u7684TCP\uff08\u4f20\u8f93\u63a7\u5236\u534f\u8bae\uff09/IP\uff08\u7f51\u9645\u4e92\u8fde\u534f\u8bae\uff09\u5957\u4ef6\u3002\r\n\r\nTreck IPv6 stack\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8d8a\u754c\u8bfb\u53d6\u548c\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Treck IPv6 stack\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Treck TCP/IP stack \u003c6.0.1.66"
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-168-01",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-17",
  "title": "Treck IPv6 stack\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2020-11899

Vulnerability from fkie_nvd - Published: 2020-06-17 11:15 - Updated: 2025-11-07 19:32

Severity ?

5.4 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Summary

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

References

URL	Tags
cve@mitre.org	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt	Broken Link, Third Party Advisory
cve@mitre.org	https://cwe.mitre.org/data/definitions/125.html	Technical Description
cve@mitre.org	https://jsof-tech.com/vulnerability-disclosure-policy/	Broken Link, Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20200625-0006/	Third Party Advisory
cve@mitre.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC	Third Party Advisory
cve@mitre.org	https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities	Third Party Advisory
cve@mitre.org	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	Third Party Advisory
cve@mitre.org	https://www.jsof-tech.com/ripple20/	Broken Link, Exploit, Third Party Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/257161	Third Party Advisory, US Government Resource
cve@mitre.org	https://www.kb.cert.org/vuls/id/257161/	Mitigation, Third Party Advisory, US Government Resource
cve@mitre.org	https://www.treck.com	Product, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cwe.mitre.org/data/definitions/125.html	Technical Description
af854a3a-2127-422b-91ae-364da2661108	https://jsof-tech.com/vulnerability-disclosure-policy/	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200625-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.jsof-tech.com/ripple20/	Broken Link, Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/257161	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/257161/	Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.treck.com	Product, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11899	US Government Resource

Impacted products

Vendor	Product	Version
treck	tcp\/ip	*
dell	wyse_5050_all-in-one_firmware	-
dell	wyse_5050_all-in-one	-
dell	wyse_7030_firmware	-
dell	wyse_7030	-
dell	wyse_5030_firmware	-
dell	wyse_5030	-

JSON

To clipboard

{
  "cisaActionDue": "2022-03-17",
  "cisaExploitAdd": "2022-03-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Treck TCP/IP stack Out-of-Bounds Read Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:treck:tcp\\/ip:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F9D0DF-D9F0-4183-AC07-C799EFFE36C8",
              "versionEndExcluding": "6.0.1.66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:wyse_5050_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB990439-8D74-4993-AD30-C7A365C96941",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:wyse_5050_all-in-one:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6966C461-DAFF-4F71-A209-44FA1BDD6AF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:wyse_7030_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12D74A6-D734-41D6-A998-1AF09360BC7B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:wyse_7030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAFD47A-32BA-4C10-9BC3-D11A4FA57DBB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:wyse_5030_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB1C2400-6395-4495-AE4E-2CFC87EE98F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:wyse_5030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6733903C-B9D3-4476-AE6C-B224AE5BF01B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read."
    },
    {
      "lang": "es",
      "value": "La pila de Treck TCP/IP versiones anteriores a 6.0.1.66, presenta una Lectura Fuera de L\u00edmites"
    }
  ],
  "id": "CVE-2020-11899",
  "lastModified": "2025-11-07T19:32:29.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-06-17T11:15:10.210",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description"
      ],
      "url": "https://cwe.mitre.org/data/definitions/125.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.jsof-tech.com/ripple20/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/257161"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/257161/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://www.treck.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description"
      ],
      "url": "https://cwe.mitre.org/data/definitions/125.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200625-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.jsof-tech.com/ripple20/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/257161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/257161/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://www.treck.com"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11899"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-6R3W-C7H6-WFHG

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2025-10-22 00:31

Details

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

Severity ?

5.4 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-11899"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-17T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.",
  "id": "GHSA-6r3w-c7h6-wfhg",
  "modified": "2025-10-22T00:31:56Z",
  "published": "2022-05-24T17:20:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11899"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/125.html"
    },
    {
      "type": "WEB",
      "url": "https://jsof-tech.com/vulnerability-disclosure-policy"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200625-0006"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11899"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
    },
    {
      "type": "WEB",
      "url": "https://www.jsof-tech.com/ripple20"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/257161"
    },
    {
      "type": "WEB",
      "url": "https://www.treck.com"
    },
    {
      "type": "WEB",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2020-AVI-375

Vulnerability from certfr_avis - Published: 2021-01-08 - Updated: 2021-01-08

Le 16 juin 2020, des chercheurs ont annoncé la découverte de dix-neuf vulnérabilités dans l'implémentation de la pile TCP/IP de Treck.

Ce composant est utilisé dans de nombreux systèmes embarqués et objets connectés, dont certains équipements médicaux et équipements de contrôle industriel. Les vulnérabilités les plus critiques permettent une exécution de code arbitraire à distance.

Lorsque des vulnérabilités sont découvertes dans un composant d'aussi bas niveau, il est très difficile de compiler une liste exhaustive de produits vulnérables. De plus, la simple présence de ce composant dans un produit n'implique pas forcément que celui-ci est vulnérable, parce que la vulnérabilité a déjà été corrigée ou encore parce que ce composant a été modifié et que la vulnérabilité n'est pas forcément atteignable.

Le CERT Carneggie Mellon ainsi que les chercheurs ont proposé sur leurs sites respectifs une liste de produits vulnérables et certains éditeurs ont déjà communiqué sur le statut de leurs produits (cf. section Documentation).

Parmi les dix-neuf vulnérabilités, les trois les plus critiques sont identifiées comme :

CVE-2020-11896 : des datagrammes UDP fragmentés sur plusieurs paquets IP peuvent permettre un exécution de code arbitraire à distance ou un déni de service à distance sur des équipements avec une fonction d'IP Tunneling activée ;
CVE-2020-11897 : des paquets IPv6 mal formés permettent une exécution de code arbitraire à distance [1] ;
CVE-2020-11901 : une réponse DNS mal formée permet une exécution de code arbitraire à distance.

Si ces vulnérabilités sont jugées critiques, leur impact est atténué par les conditions d’exploitabilité.

Il convient donc de vérifier dans un premier temps si les équipements en bordure de réseau sont dans une configuration vulnérable. Si c'est le cas, il faut alors appliquer les mises à jour si elles sont disponibles ou mettre en œuvre les mesures de contournement.

[mise à jour du 26 octobre 2020] Les avis de sécurité Schneider Electric SEVD-2020-174-01 et SEVD-2020-175-01 ont été mis à jour le 22 octobre 2020 suite à la découverte d'impacts supplémentaires sur les produits Schneider. Des correctifs sont en cours de développement, certains ont déjà été publiés et des mesures de contournement sont identifiées et listées dans les avis à jour.

[1] cette vulnérabilité a été corrigée dans la version 5.0.1.35, sans être accompagnée d'un avis de sécurité à l'époque de sa mise à disposition.

Solution

Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	versions de la pile TCP/IP de Treck antérieures à 6.0.1.66

References

Title

Publication Time

CVE-2020-11899

Vulnerability from fstec - Published: 16.06.2020

Title

Уязвимость реализации протокола IPv6 стека Treck TCP/IP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость реализации протокола IPv6 стека Treck TCP/IP связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Vendor

Treck Inc., Cisco Systems Inc., HP Inc.

Software Name

Treck TCP/IP, ASR 5000, HP iLO 4, HP Integrated Lights-Out 5 (iLO 5), HP Integrated Lights-Out 3 (iLO 3)

Software Version

до 6.0.1.66 (Treck TCP/IP), до 21.5.27 (ASR 5000), до 2.75 (HP iLO 4), до 2.30 (HP Integrated Lights-Out 5 (iLO 5)), до 2.18 (HP Integrated Lights-Out 5 (iLO 5)), до 1.93 (HP Integrated Lights-Out 3 (iLO 3))

Possible Mitigations

Использование рекомендаций: Обновление программного обеспечения: Для Treck TCP/IP: https://treck.com/vulnerability-response-information/ Для продуктов Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC Для продуктов HP: https://support.hp.com/us-en/document/c06640149 https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_us Компенсационные меры: Нормализуйте или отклоняйте фрагментированные IP-пакеты (IP-фрагменты), если они не поддерживаются в вашей среде. Отключите или заблокируйте туннелирование IP, как туннелирование IPv6-в-IPv4, так и туннелирование IP-в-IP, если оно не требуется. Блокируйте исходную IP-маршрутизацию и любые устаревшие функции IPv6, такие как заголовки маршрутизации Принудительно проверяйте TCP и отклоняйте неправильно сформированные TCP-пакеты Блокируйте неиспользуемые управляющие сообщения ICMP, такие как обновление MTU и обновления маски адреса. Нормализуйте DNS с помощью защищенного рекурсивного сервера или брандмауэра прикладного уровня. Убедитесь, что вы используете надежное оборудование уровня 2 OSI (Ethernet). Обеспечьте безопасность DHCP/DHCPv6 с помощью такой функции, как отслеживание DHCP. Отключите или заблокируйте многоадресную рассылку IPv6, если она не используется в коммутационной инфраструктуре

Reference

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt https://security.netapp.com/advisory/ntap-20200625-0006/ https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_us https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC https://www.kb.cert.org/vuls/id/257161 https://www.kb.cert.org/vuls/id/257161/ https://nvd.nist.gov/vuln/detail/CVE-2020-11899 https://support.hp.com/us-en/document/c06640149 https://www.jsof-tech.com/ripple20/ https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-20, CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Treck Inc., Cisco Systems Inc., HP Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 6.0.1.66 (Treck TCP/IP), \u0434\u043e 21.5.27 (ASR 5000), \u0434\u043e 2.75 (HP iLO 4), \u0434\u043e 2.30 (HP Integrated Lights-Out 5 (iLO 5)), \u0434\u043e 2.18 (HP Integrated Lights-Out 5 (iLO 5)), \u0434\u043e 1.93 (HP Integrated Lights-Out 3 (iLO 3))",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f:\n\u0414\u043b\u044f Treck TCP/IP:\nhttps://treck.com/vulnerability-response-information/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Cisco:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 HP:\nhttps://support.hp.com/us-en/document/c06640149\nhttps://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b:\n\u041d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0443\u0439\u0442\u0435 \u0438\u043b\u0438 \u043e\u0442\u043a\u043b\u043e\u043d\u044f\u0439\u0442\u0435 \u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 IP-\u043f\u0430\u043a\u0435\u0442\u044b (IP-\u0444\u0440\u0430\u0433\u043c\u0435\u043d\u0442\u044b), \u0435\u0441\u043b\u0438 \u043e\u043d\u0438 \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0432 \u0432\u0430\u0448\u0435\u0439 \u0441\u0440\u0435\u0434\u0435.\n\u041e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u0435 \u0438\u043b\u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0439\u0442\u0435 \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 IP, \u043a\u0430\u043a \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 IPv6-\u0432-IPv4, \u0442\u0430\u043a \u0438 \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 IP-\u0432-IP, \u0435\u0441\u043b\u0438 \u043e\u043d\u043e \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f.\n\u0411\u043b\u043e\u043a\u0438\u0440\u0443\u0439\u0442\u0435 \u0438\u0441\u0445\u043e\u0434\u043d\u0443\u044e IP-\u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044e \u0438 \u043b\u044e\u0431\u044b\u0435 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 IPv6, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0438 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438\n\u041f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0439\u0442\u0435 TCP \u0438 \u043e\u0442\u043a\u043b\u043e\u043d\u044f\u0439\u0442\u0435 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 TCP-\u043f\u0430\u043a\u0435\u0442\u044b\n\u0411\u043b\u043e\u043a\u0438\u0440\u0443\u0439\u0442\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f ICMP, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 MTU \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0430\u0441\u043a\u0438 \u0430\u0434\u0440\u0435\u0441\u0430.\n\u041d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0443\u0439\u0442\u0435 DNS \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438\u043b\u0438 \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f.\n\u0423\u0431\u0435\u0434\u0438\u0442\u0435\u0441\u044c, \u0447\u0442\u043e \u0432\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0435 \u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0435 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u0440\u043e\u0432\u043d\u044f 2 OSI (Ethernet).\n\u041e\u0431\u0435\u0441\u043f\u0435\u0447\u044c\u0442\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c DHCP/DHCPv6 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0442\u0430\u043a\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438, \u043a\u0430\u043a \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u0435 DHCP.\n\u041e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u0435 \u0438\u043b\u0438 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0439\u0442\u0435 \u043c\u043d\u043e\u0433\u043e\u0430\u0434\u0440\u0435\u0441\u043d\u0443\u044e \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0443 IPv6, \u0435\u0441\u043b\u0438 \u043e\u043d\u0430 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.06.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.03.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-01498",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-11899",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Treck TCP/IP, ASR 5000, HP iLO 4, HP Integrated Lights-Out 5 (iLO 5), HP Integrated Lights-Out 3 (iLO 3)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 IPv6 \u0441\u0442\u0435\u043a\u0430 Treck TCP/IP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 IPv6 \u0441\u0442\u0435\u043a\u0430 Treck TCP/IP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0414\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u043a \u0440\u044f\u0434\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441\u0442\u0435\u043a\u0430 Treck TCP/IP 2020 \u0433\u043e\u0434\u0430, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0435\u043c\u0443 \u043a\u043e\u0434\u043e\u0432\u043e\u0435 \u0438\u043c\u044f Ripple20\n\n\u041f\u0435\u0440\u0435\u0447\u0435\u043d\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d \u043d\u0430 \u0441\u0430\u0439\u0442\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt \nhttps://security.netapp.com/advisory/ntap-20200625-0006/ \nhttps://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbhf04012en_us \nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC \nhttps://www.kb.cert.org/vuls/id/257161 \nhttps://www.kb.cert.org/vuls/id/257161/\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11899\nhttps://support.hp.com/us-en/document/c06640149\nhttps://www.jsof-tech.com/ripple20/\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-11899 (GCVE-0-2020-11899)

GSD-2020-11899

CNVD-2020-34253

FKIE_CVE-2020-11899

GHSA-6R3W-C7H6-WFHG

CERTFR-2020-AVI-375

Solution

CVE-2020-11899

Tags

Sightings

Nomenclature