CVEブラウザに戻る

CVE-2020-11899

Known Exploited (CISA KEV)MEDIUM

5.4

CVSS Severity Score

EPSS Score65.2740%

EPSS Percentile98.80th

Published2020年6月17日

Last Modified2025年11月7日

Vulnerability Description

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

Affected Platforms (CPE)

📦

Treck

Tcp\/ip

< 6.0.1.66

💻

Dell

Wyse 5050 All In One Firmware

All versions

💻

Dell

Wyse 7030 Firmware

All versions

💻

Dell

Wyse 5030 Firmware

All versions

References & Advisories

🔗 http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt

🔗 https://cwe.mitre.org/data/definitions/125.html

🔗 https://jsof-tech.com/vulnerability-disclosure-policy/

🔗 https://security.netapp.com/advisory/ntap-20200625-0006/

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC

🔗 https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities

🔗 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html

🔗 https://www.jsof-tech.com/ripple20/

関連する脆弱性情報

CVE-1999-066110.0

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP...

CVE-2018-399110.0

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40...

CVE-1999-060110.0

A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets.

CVE-1999-083710.0

Denial of service in BIND by improperly closing TCP sessions via so_linger.