KEVIntel
Vulnerability detail
Enriched intelligence for a single CVE
5.4
CVSS
Medium
Medium
CVE-2020-11899
PUBLISHEDThe Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
Exploited in the wild
Low complexity
No user interaction
- Vendor
- Treck
- Product
- TCP/IP stack
- Published
- Jun 17, 2020
- EPSS
- —
Description
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
cisa
CVSS scores
CVSS v3.1
5.4 Medium
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVSS v2.0
4.8
AV:A/AC:L/Au:N/C:N/I:P/A:P
Exploitation status
Exploited in the wild
Recorded 2022-03-03 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- partial
References
- https://cwe.mitre.org/data/definitions/125.html
- https://www.kb.cert.org/vuls/id/257161/
- https://www.treck.com
- https://jsof-tech.com/vulnerability-disclosure-policy/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
- https://www.kb.cert.org/vuls/id/257161
- https://www.jsof-tech.com/ripple20/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt
- https://security.netapp.com/advisory/ntap-20200625-0006/
- https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Mar 03, 2022 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel