Severity Rating: High
Systems Affected
Implementations of Treck TCP/IP Stack software library version 6.0.1.66 and prior

Overview
Multiple vulnerabilities have been reported in the Treck TCP/IP software
library. A remote attacker could exploit them to gain access to sensitive
information, perform a denial of service (DoS) attack, or execute arbitrary
code and take control of an affected system.

Description
Treck TCP/IP stack software is designed for and used in a variety of IoT
and embedded systems. The software can be licensed and integrated in
various ways: compiled from source, licensed for modification and reuse,
or linked as a dynamic or static library.

The vulnerabilities exist due to improper handling of length parameter
inconsistency, improper input validation, out-of-bounds read, integer
overflow, improper null termination, and improper access control of the
affected system.

Successful exploitation of these vulnerabilities could allow a remote
attacker to execute arbitrary code, gain access to sensitive information or
perform a denial of service (DoS) attack on the target system.

Solution
Update to the latest version of the Treck TCP/IP stack software (6.0.1.67 or later).

Vendor Information
Treck

Cisco

HP

Intel

Schneider Electric

References
Treck Inc.

CVE Name
CVE-2020-11896
CVE-2020-11897
CVE-2020-11898
CVE-2020-11899
CVE-2020-11900
CVE-2020-11901
CVE-2020-11902
CVE-2020-11903
CVE-2020-11904
CVE-2020-11905
CVE-2020-11906
CVE-2020-11907
CVE-2020-11908
CVE-2020-11909
CVE-2020-11910
CVE-2020-11911
CVE-2020-11912
CVE-2020-11913
CVE-2020-11914
