
Ripple20 Vulnerabilities Affecting Treck IP Stacks

Treck TCP/IP Stack (Update A)

Legal Notice

All information products included in https://us-cert.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://www.us-cert.gov/tlp/.


1. EXECUTIVE SUMMARY

  • CVSS v3 10.0
  • ATTENTION: Exploitable remotely
  • Vendor: Treck Inc.
  • Equipment: TCP/IP
  • Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control

CISA is aware of a public report, known as “Ripple20,” that details vulnerabilities found in the Treck TCP/IP stack. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.

2. UPDATE INFORMATION

This updated advisory is a follow-up to the original advisory titled ICSA-20-168-01 Treck TCP/IP Stack that was published June 16, 2020, to the ICS webpage on us-cert.gov. 

3. RISK EVALUATION

Successful exploitation of these vulnerabilities may allow remote code execution or exposure of sensitive information.

4. TECHNICAL DETAILS

4.1 AFFECTED PRODUCTS

The Treck TCP/IP stack is affected, including:
  • IPv4
  • IPv6
  • UDP
  • DNS
  • DHCP
  • TCP
  • ICMPv4
  • ARP

Please go to the ICS-CERT page for more details.

About the Author

ChannelPro SMB Magazine