CVE-2020-11899
MEDIUM
5,4
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: low
MEDIUM
4,8
Source: [email protected]
Access Vector: adjacent_network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: partial
Description
AI Translation Available
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,3325
Percentile
1,0th
Updated
EPSS Score Trend (Last 91 Days)
125
Out-of-bounds Read
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Availability
Other
Potential Impacts:
Read Memory
Bypass Protection Mechanism
Dos: Crash, Exit, Or Restart
Varies By Context
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Technologies:
ICS/OT
Application
Tcp\/Ip by Treck
Version Range Affected
To
6.0.1.66
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:treck:tcp\/ip:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Wyse 7030 Firmware by Dell
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dell:wyse_7030_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Wyse 5030 Firmware by Dell
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dell:wyse_5030_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Wyse 5050 All-In-One Firmware by Dell
CPE Identifier
View Detailed Analysis
cpe:2.3:o:dell:wyse_5050_all-in-one_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020…
https://cwe.mitre.org/data/definitions/125.html
https://jsof-tech.com/vulnerability-disclosure-policy/
https://security.netapp.com/advisory/ntap-20200625-0006/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-rippl…
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295…
https://www.jsof-tech.com/ripple20/
https://www.kb.cert.org/vuls/id/257161
https://www.kb.cert.org/vuls/id/257161/
https://www.treck.com
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt
https://cwe.mitre.org/data/definitions/125.html
https://jsof-tech.com/vulnerability-disclosure-policy/
https://security.netapp.com/advisory/ntap-20200625-0006/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-rippl…
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295…
https://www.jsof-tech.com/ripple20/
https://www.kb.cert.org/vuls/id/257161
https://www.kb.cert.org/vuls/id/257161/
https://www.treck.com
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt