CVE-2020-11899
published 2020-06-17CVE-2020-11899: The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
PriorityP276medium5.4CVSS 3.1
AVAACLPRNUINSUCNILAL
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-03-17
Exploited in the wild
EPSS
18.42%
96.9th percentile
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| treck | tcp_ip | < 6.0.1.66 | 6.0.1.66 |
Detection & IOCsextracted from sources · hover to see the quote
- →Target systems running Treck TCP/IP stack versions before 6.0.1.66 with IPv6 enabled are vulnerable to out-of-bounds read via malformed IPv6 packets ↗
- →Monitor for exploitation attempts targeting Treck IP stack IPv6 processing; exploitation may result in denial of service or information disclosure observable as anomalous IPv6 traffic or device crashes ↗
- →This vulnerability is part of the 'Ripple20' vulnerability set disclosed on June 16, 2020; threat hunting should include correlation with other Ripple20 CVEs on the same affected hosts ↗
- ·Cisco products are affected; Cisco Bug IDs CSCvu68945 are associated with this CVE across multiple product lines — check Cisco advisory for specific affected product versions ↗
- ·The advisory notes it will be updated as additional information becomes available; affected product scope may be broader than initially listed ↗
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
nvdv2.04.8MEDIUMAV:A/AC:L/Au:N/C:N/I:P/A:P
vulncheck5.4MEDIUM
cisa5.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Treck TCP/IP Stack (Update I)
cisa_ics·2024-09-19·CVSS 10.0
[CRITICAL] Treck TCP/IP Stack (Update I)
ICS Advisory
##
Treck TCP/IP Stack (Update I)
Last RevisedSeptember 19, 2024
Alert CodeICSA-20-168-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Treck Inc.
- Equipment: TCP/IP
- Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control
CISA is aware of a public report, known as "Ripple20" that details vulnerabilities found in the Treck TCP/IP stack. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify
CISA
Treck TCP/IP stack Out-of-Bounds Read Vulnerability
cisa·2022-03-03·CVSS 5.4
CVE-2020-11899 [MEDIUM] CWE-125 Treck TCP/IP stack Out-of-Bounds Read Vulnerability
Vulnerability: Treck TCP/IP stack Out-of-Bounds Read Vulnerability
Affected: Treck TCP/IP stack IPv6
The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-11899
Remediation Due Date: 2022-03-17
Palo Alto
PAN
vendor_paloalto·2020-07-08·CVSS 9.8
CVE-2013-7459 [CRITICAL] PAN
PAN
The Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have any security impact on PAN-OS or that the scenarios required for successful
CVEs: CVE-2013-7459, CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-16402, CVE-2020-11022, CVE-2020-11023, CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914
Affected products: PAN-OS
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
vendor_cisco·2020-06-17
CVE-2020-11896 [CRITICAL] CWE-20 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
A set of previously unknown vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. The vulnerabilities are collectively known as Ripple20. Exploitation of these vulnerabilities could result in remote code execution, denial of service (DoS), or information disclosure, depending on the specific vulnerability.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
vendor_cisco
CVE-2020-11899 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
CVE-2020-11899: Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
A set of previously unknown vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. The vulnerabilities are collectively known as Ripple20. Exploitation of these vulnerabilities could result in remote code execution, denial of service (DoS), or information disclosure, depending on the specific vulnerability. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
CWE: CWE-20, CWE-20
Bug IDs: CSCvu68945, CSCvu68945, CSCvu68945, CSCvu68945
GHSA
GHSA-6r3w-c7h6-wfhg: The Treck TCP/IP stack before 6
ghsa_unreviewed·2022-05-24
CVE-2020-11899 [MEDIUM] CWE-125 GHSA-6r3w-c7h6-wfhg: The Treck TCP/IP stack before 6
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
VulnCheck
Treck TCP/IP stack Out-of-Bounds Read Vulnerability
vulncheck·2020·CVSS 5.4
CVE-2020-11899 [MEDIUM] CWE-125 Treck TCP/IP stack Out-of-Bounds Read Vulnerability
Treck TCP/IP stack Out-of-Bounds Read Vulnerability
The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.
Affected: Treck TCP/IP stack IPv6
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://cyble.com/blog/cyble-sensors-detect-attacks-on-java-framework-iot-devices/; https://cyble.com/blog/weekly-cyble-vulnerability-blog/
Remediation Due: 2022-03-17
No detection rules found.
No public exploits indexed.
Qualys
Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack | Qualys
blogs_qualys·2020-06-24·CVSS 10.0
[CRITICAL] Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack | Qualys
#### Table of Contents
- Ripple20Vulnerabilities
- Detecting Treck IP Stack Vulnerabilities with Qualys VM
- Qualys Threat Protection
- Workaround
Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20.
## Ripple20Vulnerabilities
Ripple20 is a set of 19 vulnerabilities that affects hundreds of devices (or more) and include multiple remote code execution vulnerabilities.
Four of the Ripple20 vulnerabilities are critical (CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11901 ), with CVSS scores over 9 and enable Remote Code Execution. One of the critical vulnera
Qualys
Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack
blogs_qualys·2020-06-24·CVSS 10.0
[CRITICAL] Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack
## Table of Contents
Ripple20Vulnerabilities
Detecting Treck IP Stack Vulnerabilities with Qualys VM
Qualys Threat Protection
Workaround
Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20 .
## Ripple20 Vulnerabilities
Ripple20 is a set of 19 vulnerabilities that affects hundreds of devices (or more) and include multiple remote code execution vulnerabilities.
Four of the Ripple20 vulnerabilities are critical (CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11901 ), with CVSS scores over 9 and enable Remote Code Execution. One of the critical vulnerabilit
Tenable
CVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day Vulnerabilities in Treck TCP/IP Libraries Disclosed
blogs_tenable·2020-06-16·CVSS 10.0
[CRITICAL] CVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day Vulnerabilities in Treck TCP/IP Libraries Disclosed
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txthttps://cwe.mitre.org/data/definitions/125.htmlhttps://jsof-tech.com/vulnerability-disclosure-policy/https://security.netapp.com/advisory/ntap-20200625-0006/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyChttps://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitieshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.htmlhttps://www.jsof-tech.com/ripple20/https://www.kb.cert.org/vuls/id/257161https://www.kb.cert.org/vuls/id/257161/https://www.treck.comhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txthttps://cwe.mitre.org/data/definitions/125.htmlhttps://jsof-tech.com/vulnerability-disclosure-policy/https://security.netapp.com/advisory/ntap-20200625-0006/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyChttps://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitieshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.htmlhttps://www.jsof-tech.com/ripple20/https://www.kb.cert.org/vuls/id/257161https://www.kb.cert.org/vuls/id/257161/https://www.treck.comhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11899
2020-06-17
Published
2022-03-03
Added to CISA KEV
Exploited in the wild