CVE-2020-11899

Опубликовано: 17 июн. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 4.8

EPSS Средний

Описание

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

Ссылки

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt
Broken Link
Third Party Advisory
https://cwe.mitre.org/data/definitions/125.html
Technical Description
https://jsof-tech.com/vulnerability-disclosure-policy/
Broken Link
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200625-0006/
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
Third Party Advisory
https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Third Party Advisory
https://www.jsof-tech.com/ripple20/
Broken Link
Exploit
Third Party Advisory
https://www.kb.cert.org/vuls/id/257161
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/257161/
Mitigation
Third Party Advisory
US Government Resource
https://www.treck.com
Product
Vendor Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt
Broken Link
Third Party Advisory
https://cwe.mitre.org/data/definitions/125.html
Technical Description
https://jsof-tech.com/vulnerability-disclosure-policy/
Broken Link
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200625-0006/
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
Third Party Advisory
https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Third Party Advisory
https://www.jsof-tech.com/ripple20/
Broken Link
Exploit
Third Party Advisory
https://www.kb.cert.org/vuls/id/257161
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:treck:tcp\/ip:*:*:*:*:*:*:*:*

Версия до 6.0.1.66 (исключая)

Конфигурация 2

Одновременно

cpe:2.3:o:dell:wyse_5050_all-in-one_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dell:wyse_5050_all-in-one:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:dell:wyse_7030_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dell:wyse_7030:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:dell:wyse_5030_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dell:wyse_5030:-:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.3325

Средний

5.4 Medium

CVSS3

4.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-6r3w-c7h6-wfhg

CVSS3: 5.4

github

больше 3 лет назад

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

BDU:2022-01498

CVSS3: 5.4

fstec

больше 5 лет назад

Уязвимость реализации протокола IPv6 стека Treck TCP/IP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 97%

0.3325

Средний

5.4 Medium

CVSS3

4.8 Medium

CVSS2

Дефекты

CWE-125