Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-11897 (GCVE-0-2020-11897)
Vulnerability from cvelistv5 – Published: 2020-06-17 10:23 – Updated: 2024-08-04 11:42
VLAI
EPSS
Summary
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/257161/ | x_refsource_MISC |
| https://www.treck.com | x_refsource_MISC |
| https://jsof-tech.com/vulnerability-disclosure-policy/ | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/257161 | third-party-advisoryx_refsource_CERT-VN |
| https://www.jsof-tech.com/ripple20/ | x_refsource_MISC |
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| http://www.arubanetworks.com/assets/alert/ARUBA-P… | x_refsource_CONFIRM |
| https://www.dell.com/support/article/de-de/sln321… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/257161/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.treck.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
},
{
"name": "VU#257161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T23:57:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/257161/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.treck.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
},
{
"name": "VU#257161",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kb.cert.org/vuls/id/257161/",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/257161/"
},
{
"name": "https://www.treck.com",
"refsource": "MISC",
"url": "https://www.treck.com"
},
{
"name": "https://jsof-tech.com/vulnerability-disclosure-policy/",
"refsource": "MISC",
"url": "https://jsof-tech.com/vulnerability-disclosure-policy/"
},
{
"name": "VU#257161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"name": "https://www.jsof-tech.com/ripple20/",
"refsource": "MISC",
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"name": "20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"name": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11897",
"datePublished": "2020-06-17T10:23:22.000Z",
"dateReserved": "2020-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-11897",
"date": "2026-05-29",
"epss": "0.01841",
"percentile": "0.83277"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-11897\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-17T11:15:10.087\",\"lastModified\":\"2024-11-21T04:58:51.057\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.\"},{\"lang\":\"es\",\"value\":\"La pila Treck TCP/IP versiones anteriores a 5.0.1.35, presenta una Escritura Fuera de L\u00edmites por medio de m\u00faltiples paquetes IPv6 malformados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:treck:tcp\\\\/ip:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.1.35\",\"matchCriteriaId\":\"BEE2C313-EAE1-4269-9607-0DAD1711C434\"}]}]}],\"references\":[{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://jsof-tech.com/vulnerability-disclosure-policy/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.jsof-tech.com/ripple20/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/257161\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/257161/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.treck.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Vendor Advisory\"]},{\"url\":\"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://jsof-tech.com/vulnerability-disclosure-policy/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.jsof-tech.com/ripple20/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/257161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/257161/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.treck.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Vendor Advisory\"]}]}}"
}
}
VDE-2021-028
Vulnerability from csaf_pepperlfuchsse - Published: 2021-08-16 12:01 - Updated: 2025-05-14 13:00Summary
Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities
Notes
Summary: Critical vulnerabilities have been discovered in the utilized component TRECK TCP/IP Stack by Digi International Inc.
For more information see advisory by Digi International Inc.:
Digi International Security Notice - TRECK TCP/IP Stack "RIPPLE20" VU#257161 ICS-VU-035787 | Digi International
Impact: Pepperl+Fuchs analyzed and identified affected devices.
The impact on the affected device is that it can
- no longer perform acyclic requests
- may drop all established cyclic connections may
- disappear completely from the network
Mitigation: An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
10 (Critical)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.
10 (Critical)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.
9.1 (Critical)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.
9 (Critical)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.
8.2 (High)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.
7.3 (High)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.
7.3 (High)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.
6.5 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.
6.5 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.
6.3 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
6.3 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
5.4 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.
5.3 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.
5.3 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.
5.3 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
5.3 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.
5.3 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.
4.3 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.
4.3 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
References
3 references
Acknowledgments
CERT@VDE
certvde.com
Digi International Inc.
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": " Digi International Inc.",
"summary": "reporting."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Critical vulnerabilities have been discovered in the utilized component TRECK TCP/IP Stack by Digi International Inc.\n\nFor more information see advisory by Digi International Inc.:\nDigi International Security Notice - TRECK TCP/IP Stack \"RIPPLE20\" VU#257161 ICS-VU-035787 | Digi International ",
"title": "Summary"
},
{
"category": "description",
"text": "Pepperl+Fuchs analyzed and identified affected devices.\n\nThe impact on the affected device is that it can\n\n- no longer perform acyclic requests\n- may drop all established cyclic connections may\n- disappear completely from the network",
"title": "Impact"
},
{
"category": "description",
"text": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "external",
"summary": "Pepperl+Fuchs advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/pepperl+fuchs/"
},
{
"category": "self",
"summary": "VDE-2021-028: Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-028"
},
{
"category": "self",
"summary": "VDE-2021-028: Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-028.json"
}
],
"title": "Pepperl+Fuchs: Multiple VDM100-Distance Ethernet-IP sensors with multiple vulnerabilities",
"tracking": {
"aliases": [
"VDE-2021-028"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-03-07T11:27:37.765Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2021-028",
"initial_release_date": "2021-08-16T12:01:00.000Z",
"revision_history": [
{
"date": "2021-08-16T12:01:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "2",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "VDM100-150-EIP/G2",
"product": {
"name": "VDM100-150-EIP/G2",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"243598"
]
}
}
},
{
"category": "product_name",
"name": "VDM100-300-EIP/G2",
"product": {
"name": "VDM100-300-EIP/G2",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"256831"
]
}
}
},
{
"category": "product_name",
"name": "VDM100-50-EIP/G2",
"product": {
"name": "VDM100-50-EIP/G2",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"256830"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.00",
"product": {
"name": "Firmware \u003c=2.00",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.00 installed on VDM100-150-EIP/G2",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.00 installed on VDM100-300-EIP/G2",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.00 installed on VDM100-50-EIP/G2",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11896",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 10,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 10,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11896"
},
{
"cve": "CVE-2020-11897",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 10,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 10,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11897"
},
{
"cve": "CVE-2020-11898",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11898"
},
{
"cve": "CVE-2020-11901",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 9,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11901"
},
{
"cve": "CVE-2020-11900",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11900"
},
{
"cve": "CVE-2020-11902",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11902"
},
{
"cve": "CVE-2020-11904",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11904"
},
{
"cve": "CVE-2020-11905",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11905"
},
{
"cve": "CVE-2020-11903",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11903"
},
{
"cve": "CVE-2020-11906",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11906"
},
{
"cve": "CVE-2020-11907",
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11907"
},
{
"cve": "CVE-2020-11899",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.4,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11899"
},
{
"cve": "CVE-2020-11910",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11910"
},
{
"cve": "CVE-2020-11909",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11909"
},
{
"cve": "CVE-2020-11912",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11912"
},
{
"cve": "CVE-2020-11913",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11913"
},
{
"cve": "CVE-2020-11911",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11911"
},
{
"cve": "CVE-2020-11908",
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 4.7.1.27 mishandles \u0027\\0\u0027 termination in DHCP.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11908"
},
{
"cve": "CVE-2020-11914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2020-11914"
}
]
}
WID-SEC-W-2023-0683
Vulnerability from csaf_certbund - Published: 2020-06-16 22:00 - Updated: 2023-03-19 23:00Summary
Treck TCP/IP-Stack: Mehrere Schwachstellen
Severity
Kritisch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.
HP Laserjet ist die Laserdrucker-Produktreihe des Herstellers Hewlett Packard.
Die Server Firmware stellt die Software-Grundbetriebskomponenten für Mainboards bereit.
FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Produkten, die die Treck TCP/IP-Stack-Bibliothek verwenden, ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme: - UNIX
- Linux
- MacOS X
- Windows
- BIOS/Firmware
- Sonstiges
- Hardware Appliance
- Appliance
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als "Ripple20" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei Längenparametern, einer unsachgemäßen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-Überlaufen oder Wraparounds, einer unsachgemäßen Null-Terminierung, sowie einer unsachgemäßen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herzustellen.
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
HPE Integrated Lights-Out 3
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:3
|
— | |
|
HPE Integrated Lights-Out 5
HPE / Integrated Lights-Out
|
cpe:/h:hp:integrated_lights-out:5
|
— | |
|
Cisco Router
Cisco
|
cpe:/h:cisco:router:-
|
— | |
|
Xerox FreeFlow Print Server
Xerox
|
cpe:/a:xerox:freeflow_print_server:-
|
— | |
|
Intel BIOS
Intel
|
cpe:/h:intel:bios:-
|
— | |
|
Aruba Switch
Aruba
|
cpe:/h:arubanetworks:switch:-
|
— | |
|
HP LaserJet
HP
|
cpe:/h:hp:laserjet:-
|
— | |
|
Aruba ArubaOS
Aruba
|
cpe:/o:arubanetworks:arubaos:-
|
— | |
|
PaloAlto Networks PAN-OS
PaloAlto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
Intel Server Firmware
Intel
|
cpe:/h:intel:server_firmware:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— | |
|
Eaton UPS
Eaton
|
cpe:/h:eaton:ups:-
|
— |
References
20 references
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.\r\nHP Laserjet ist die Laserdrucker-Produktreihe des Herstellers Hewlett Packard.\r\nDie Server Firmware stellt die Software-Grundbetriebskomponenten f\u00fcr Mainboards bereit.\r\nFreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Produkten, die die Treck TCP/IP-Stack-Bibliothek verwenden, ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- MacOS X\n- Windows\n- BIOS/Firmware\n- Sonstiges\n- Hardware Appliance\n- Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0683 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-0683.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0683 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0683"
},
{
"category": "external",
"summary": "EATON Security Bulletin ETN-SB-2020-1008 vom 2023-03-17",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/ETN-SB-2020-1008.pdf"
},
{
"category": "external",
"summary": "HPE Security Bulletins",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04103en_us"
},
{
"category": "external",
"summary": "Report auf Jsof-Tech.com vom 2020-06-16",
"url": "https://www.jsof-tech.com/ripple20/"
},
{
"category": "external",
"summary": "Intel Security Advisory:INTEL-SA-00295 vom 2020-06-16",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBPI03666 rev. 1 vom 2020-06-16",
"url": "https://support.hp.com/emea_africa-en/document/c06640149"
},
{
"category": "external",
"summary": "Schneider Electric Security Bulletin SESB-2020-168-01 vom 2020-06-16",
"url": "https://www.se.com/ww/en/download/document/SESB-2020-168-01/"
},
{
"category": "external",
"summary": "ICS-Advisorys des Departments of Homeland Security vom 2020-06-16",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-168-01"
},
{
"category": "external",
"summary": "KB-Cert Vulnerability Note VU#257161 vom 2020-06-16",
"url": "https://www.kb.cert.org/vuls/id/257161"
},
{
"category": "external",
"summary": "Xerox Security Bulletin XRX20J vom 2020-06-16",
"url": "https://security.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20J_for_B2XX.pdf"
},
{
"category": "external",
"summary": "Cisco Security Advisory CISCO-SA-TRECK-IP-STACK-JYBQ5GYC vom 2020-06-17",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC"
},
{
"category": "external",
"summary": "EMC Security Advisory SLN321836 vom 2020-06-22",
"url": "https://www.dell.com/support/article/sln321836/dell-response-to-the-ripple20-vulnerabilities?lang=en"
},
{
"category": "external",
"summary": "Aruba Product Security Advisory",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt"
},
{
"category": "external",
"summary": "EMC Security Advisory DSA-2020-150 vom 2020-06-25",
"url": "https://www.dell.com/support/article/sln321835/dsa-2020-150-dell-client-platform-security-update-for-treck-tcp-ip-stack-vulnerabilities-in-teradici-firmware-and-remote-workstation-cards?lang=en"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisory PAN-SA-2020-0007 vom 2020-07-08",
"url": "https://security.paloaltonetworks.com/PAN-SA-2020-0007"
},
{
"category": "external",
"summary": "HPE SECURITY BULLETIN HPESBHF04012 rev.1 vom 2020-07-13",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04012en_us"
},
{
"category": "external",
"summary": "HPE SECURITY BULLETIN HPESBHF04012 rev.2 vom 2020-08-14",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04012en_us"
},
{
"category": "external",
"summary": "HPE Security Bulletin hpesbhf04021en_us vom 2020-10-06",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04021en_us"
},
{
"category": "external",
"summary": "EMC Security Advisory DSA-2020-206 vom 2021-02-24",
"url": "https://www.dell.com/support/kbdoc/de-de/000125440/dsa-2020-206-dell-client-platform-security-update-for-treck-tcp-ip-stack-vulnerabilities-in-teradici-firmware-and-remote-workstation-cards"
}
],
"source_lang": "en-US",
"title": "Treck TCP/IP-Stack: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-03-19T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:46:53.196+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0683",
"initial_release_date": "2020-06-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2020-06-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-06-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Cisco aufgenommen"
},
{
"date": "2020-06-21T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von EMC aufgenommen"
},
{
"date": "2020-06-23T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2020-06-24T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von EMC aufgenommen"
},
{
"date": "2020-07-08T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Informationen von Palo Alto Networks aufgenommen"
},
{
"date": "2020-07-14T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von HPE aufgenommen"
},
{
"date": "2020-08-17T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von HPE aufgenommen"
},
{
"date": "2020-10-07T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von HPE aufgenommen"
},
{
"date": "2021-02-23T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von DELL aufgenommen"
},
{
"date": "2021-03-25T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2023-03-19T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von EATON aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Aruba ArubaOS",
"product": {
"name": "Aruba ArubaOS",
"product_id": "T016785",
"product_identification_helper": {
"cpe": "cpe:/o:arubanetworks:arubaos:-"
}
}
},
{
"category": "product_name",
"name": "Aruba Switch",
"product": {
"name": "Aruba Switch",
"product_id": "T016786",
"product_identification_helper": {
"cpe": "cpe:/h:arubanetworks:switch:-"
}
}
}
],
"category": "vendor",
"name": "Aruba"
},
{
"branches": [
{
"category": "product_name",
"name": "Cisco Router",
"product": {
"name": "Cisco Router",
"product_id": "T003258",
"product_identification_helper": {
"cpe": "cpe:/h:cisco:router:-"
}
}
}
],
"category": "vendor",
"name": "Cisco"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Computer",
"product": {
"name": "Dell Computer",
"product_id": "T006498",
"product_identification_helper": {
"cpe": "cpe:/o:dell:dell_computer:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Eaton UPS",
"product": {
"name": "Eaton UPS",
"product_id": "T026792",
"product_identification_helper": {
"cpe": "cpe:/h:eaton:ups:-"
}
}
}
],
"category": "vendor",
"name": "Eaton"
},
{
"branches": [
{
"category": "product_name",
"name": "HP LaserJet",
"product": {
"name": "HP LaserJet",
"product_id": "T016741",
"product_identification_helper": {
"cpe": "cpe:/h:hp:laserjet:-"
}
}
}
],
"category": "vendor",
"name": "HP"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HPE Integrated Lights-Out 3",
"product": {
"name": "HPE Integrated Lights-Out 3",
"product_id": "T012638",
"product_identification_helper": {
"cpe": "cpe:/h:hp:integrated_lights-out:3"
}
}
},
{
"category": "product_name",
"name": "HPE Integrated Lights-Out 5",
"product": {
"name": "HPE Integrated Lights-Out 5",
"product_id": "T012756",
"product_identification_helper": {
"cpe": "cpe:/h:hp:integrated_lights-out:5"
}
}
}
],
"category": "product_name",
"name": "Integrated Lights-Out"
},
{
"category": "product_name",
"name": "HPE ProLiant",
"product": {
"name": "HPE ProLiant",
"product_id": "T009310",
"product_identification_helper": {
"cpe": "cpe:/h:hp:proliant:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "Intel BIOS",
"product": {
"name": "Intel BIOS",
"product_id": "T016742",
"product_identification_helper": {
"cpe": "cpe:/h:intel:bios:-"
}
}
},
{
"category": "product_name",
"name": "Intel Server Firmware",
"product": {
"name": "Intel Server Firmware",
"product_id": "T004050",
"product_identification_helper": {
"cpe": "cpe:/h:intel:server_firmware:-"
}
}
}
],
"category": "vendor",
"name": "Intel"
},
{
"branches": [
{
"category": "product_name",
"name": "PaloAlto Networks PAN-OS",
"product": {
"name": "PaloAlto Networks PAN-OS",
"product_id": "T012790",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:-"
}
}
}
],
"category": "vendor",
"name": "PaloAlto Networks"
},
{
"branches": [
{
"category": "product_name",
"name": "Xerox FreeFlow Print Server",
"product": {
"name": "Xerox FreeFlow Print Server",
"product_id": "T016743",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:-"
}
}
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11896",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11896"
},
{
"cve": "CVE-2020-11897",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11897"
},
{
"cve": "CVE-2020-11898",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11898"
},
{
"cve": "CVE-2020-11899",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11899"
},
{
"cve": "CVE-2020-11900",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11900"
},
{
"cve": "CVE-2020-11901",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11901"
},
{
"cve": "CVE-2020-11902",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11902"
},
{
"cve": "CVE-2020-11903",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11903"
},
{
"cve": "CVE-2020-11904",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11904"
},
{
"cve": "CVE-2020-11905",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11905"
},
{
"cve": "CVE-2020-11906",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11906"
},
{
"cve": "CVE-2020-11907",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11907"
},
{
"cve": "CVE-2020-11908",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11908"
},
{
"cve": "CVE-2020-11909",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11909"
},
{
"cve": "CVE-2020-11910",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11910"
},
{
"cve": "CVE-2020-11911",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11911"
},
{
"cve": "CVE-2020-11912",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11912"
},
{
"cve": "CVE-2020-11913",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11913"
},
{
"cve": "CVE-2020-11914",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Produkten, die eine TCP/IP-Stack-Bibliothek des Herstellers Treck verwenden. Die Schwachstellen werden gesammelt als \"Ripple20\" bezeichnet und betreffen Produkte aus verschiedensten Sektoren. Die Schwachstellen bestehen aufgrund einer fehlerhaften Behandlung von Inkonsistenzen bei L\u00e4ngenparametern, einer unsachgem\u00e4\u00dfen Eingabevalidierung, Double Free-Fehlern, Out-of-Bounds-Lese-Fehlern, Integer-\u00dcberlaufen oder Wraparounds, einer unsachgem\u00e4\u00dfen Null-Terminierung, sowie einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Zustand herzustellen."
}
],
"product_status": {
"known_affected": [
"T006498",
"T012638",
"T012756",
"T003258",
"T016743",
"T016742",
"T016786",
"T016741",
"T016785",
"T012790",
"T004050",
"T009310",
"T026792"
]
},
"release_date": "2020-06-16T22:00:00.000+00:00",
"title": "CVE-2020-11914"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…