cbcvebase.
CVE-2020-11898
published 2020-06-17

CVE-2020-11898: The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an…

PriorityP263critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
EPSS
18.73%
96.9th percentile
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.

Affected

2 ranges
VendorProductVersion rangeFixed in
paloaltopan-os
trecktcp_ip< 6.0.1.666.0.1.66

Detection & IOCsextracted from sources · hover to see the quote

  • Target systems running Treck TCP/IP stack versions before 6.0.1.66 are vulnerable; detect exploitation attempts via malformed IPv4/ICMPv4 packets with inconsistent length parameters
  • Monitor for anomalous ICMPv4 traffic with mismatched or inconsistent length fields in IPv4 headers, which is the exploitation vector for this Ripple20 vulnerability
  • This CVE is part of the Ripple20 vulnerability set; correlate detections with other Ripple20 CVEs disclosed on June 16, 2020 targeting Treck IP stack implementations across embedded/IoT devices including Cisco products (Bug ID: CSCvu68945)
  • ·Exploitation impact varies by vulnerability; CVE-2020-11898 specifically targets information disclosure via IPv4/ICMPv4 length inconsistency, not RCE or DoS
  • ·The Cisco advisory was noted as subject to updates as additional information becomes available; check the advisory link for the latest affected product list

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.