CVE-2020-11900
published 2020-06-17CVE-2020-11900: The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.
PriorityP275high8.2CVSS 3.1
AVNACLPRNUINSUCNILAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
12.85%
95.8th percentile
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| treck | tcp_ip | < 6.0.1.41 | 6.0.1.41 |
Detection & IOCsextracted from sources · hover to see the quote
- →Target systems running Treck TCP/IP stack versions before 6.0.1.41 are vulnerable; look for IPv4 tunneling traffic (IP-in-IP, GRE, etc.) directed at embedded/IoT devices that may use Treck stack ↗
- →CVE-2020-11900 is part of the Ripple20 vulnerability set disclosed June 16, 2020; monitor for exploitation attempts targeting embedded devices using Treck IP stack, which may result in remote code execution, DoS, or information disclosure ↗
- ·Cisco tracks this vulnerability under Bug ID CSCvu68945; multiple Cisco products may be affected and the advisory was subject to updates as additional information became available ↗
- ·The vulnerable condition is specifically in IPv4 tunneling handling (Double Free, CWE-415); detection should focus on malformed or unexpected IPv4-in-IPv4 tunnel packets sent to devices using Treck stack versions prior to 6.0.1.41 ↗
CVSS provenance
nvdv3.18.2HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
vulncheck8.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Treck TCP/IP Stack (Update I)
cisa_ics·2024-09-19·CVSS 10.0
[CRITICAL] Treck TCP/IP Stack (Update I)
ICS Advisory
##
Treck TCP/IP Stack (Update I)
Last RevisedSeptember 19, 2024
Alert CodeICSA-20-168-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Treck Inc.
- Equipment: TCP/IP
- Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control
CISA is aware of a public report, known as "Ripple20" that details vulnerabilities found in the Treck TCP/IP stack. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify
Palo Alto
PAN
vendor_paloalto·2020-07-08·CVSS 9.8
CVE-2013-7459 [CRITICAL] PAN
PAN
The Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have any security impact on PAN-OS or that the scenarios required for successful
CVEs: CVE-2013-7459, CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-16402, CVE-2020-11022, CVE-2020-11023, CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914
Affected products: PAN-OS
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
vendor_cisco·2020-06-17
CVE-2020-11896 [CRITICAL] CWE-20 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
A set of previously unknown vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. The vulnerabilities are collectively known as Ripple20. Exploitation of these vulnerabilities could result in remote code execution, denial of service (DoS), or information disclosure, depending on the specific vulnerability.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
Cisco
Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
vendor_cisco
CVE-2020-11900 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
CVE-2020-11900: Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020
A set of previously unknown vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. The vulnerabilities are collectively known as Ripple20. Exploitation of these vulnerabilities could result in remote code execution, denial of service (DoS), or information disclosure, depending on the specific vulnerability. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
CWE: CWE-20, CWE-20
Bug IDs: CSCvu68945, CSCvu68945, CSCvu68945, CSCvu68945
GHSA
GHSA-5738-q2rr-3w4x: The Treck TCP/IP stack before 6
ghsa_unreviewed·2022-05-24
CVE-2020-11900 [MEDIUM] GHSA-5738-q2rr-3w4x: The Treck TCP/IP stack before 6
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.
VulnCheck
treck tcp\/ip Double Free
vulncheck·2020·CVSS 8.2
CVE-2020-11900 [HIGH] treck tcp\/ip Double Free
treck tcp\/ip Double Free
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.
Affected: treck tcp\/ip
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://cyble.com/blog/cyble-sensors-detect-attacks-on-java-framework-iot-devices/
No detection rules found.
No public exploits indexed.
Qualys
Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack | Qualys
blogs_qualys·2020-06-24·CVSS 10.0
[CRITICAL] Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack | Qualys
#### Table of Contents
- Ripple20Vulnerabilities
- Detecting Treck IP Stack Vulnerabilities with Qualys VM
- Qualys Threat Protection
- Workaround
Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20.
## Ripple20Vulnerabilities
Ripple20 is a set of 19 vulnerabilities that affects hundreds of devices (or more) and include multiple remote code execution vulnerabilities.
Four of the Ripple20 vulnerabilities are critical (CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11901 ), with CVSS scores over 9 and enable Remote Code Execution. One of the critical vulnera
Qualys
Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack
blogs_qualys·2020-06-24·CVSS 10.0
[CRITICAL] Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack
## Table of Contents
Ripple20Vulnerabilities
Detecting Treck IP Stack Vulnerabilities with Qualys VM
Qualys Threat Protection
Workaround
Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20 .
## Ripple20 Vulnerabilities
Ripple20 is a set of 19 vulnerabilities that affects hundreds of devices (or more) and include multiple remote code execution vulnerabilities.
Four of the Ripple20 vulnerabilities are critical (CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11901 ), with CVSS scores over 9 and enable Remote Code Execution. One of the critical vulnerabilit
Tenable
CVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day Vulnerabilities in Treck TCP/IP Libraries Disclosed
blogs_tenable·2020-06-16·CVSS 10.0
[CRITICAL] CVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day Vulnerabilities in Treck TCP/IP Libraries Disclosed
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txthttps://jsof-tech.com/vulnerability-disclosure-policy/https://security.netapp.com/advisory/ntap-20200625-0006/https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_ushttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyChttps://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitieshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.htmlhttps://www.jsof-tech.com/ripple20/https://www.kb.cert.org/vuls/id/257161https://www.kb.cert.org/vuls/id/257161/https://www.treck.comhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txthttps://jsof-tech.com/vulnerability-disclosure-policy/https://security.netapp.com/advisory/ntap-20200625-0006/https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_ushttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyChttps://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitieshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.htmlhttps://www.jsof-tech.com/ripple20/https://www.kb.cert.org/vuls/id/257161https://www.kb.cert.org/vuls/id/257161/https://www.treck.com
2020-06-17
Published
Exploited in the wild