CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
96.4%
pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines.
PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software can also authenticate a network connected peer and/or supply authentication information to the peer using multiple authentication protocols including EAP.
Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system. This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. As the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption possibly leading to execution of unwanted code.
The vulnerability is in the logic of the eap parsing code, specifically in the eap_request() and eap_response() functions in eap.c that are called by a network input handler. These functions take a pointer and length as input using the the first byte as a type. If the type is EAPT_MD5CHAP(4), it looks at an embedded 1-byte length field. The logic in this code is intended to makes sure that embedded length is smaller than the whole packet length. After this verification, it tries to copy provided data (hostname) that is located after the embedded length field into a local stack buffer. This bounds check is incorrect and allows for memory copy to happen with an arbitrary length of data.
An additional logic flaw causes the eap_input() function to not check if EAP has been negotiated during the Link Control Protocol (LCP) phase. This allows an unauthenticated attacker to send an EAP packet even if ppp refused the authentication negotiation due to lack of support for EAP or due to mismatch of an agreed pre-shared passphrase in the LCP phase. The vulnerable pppd code in eap_input will still process the EAP packet and trigger the stack buffer overflow. This unverified data with an unknown size can be used to corrupt memory of the target system. The pppd often runs with high privileges (system or root) and works in conjunction with kernel drivers. This makes it possible for an attacker to potentially execute arbitrary code with system or root level privileges.
The pppd software is also adopted into lwIP (lightweight IP) project to provide pppd capabilities for small devices. The default installer and packages of lwIP are not vulnerable to this buffer overflow. However if you have used the lwIP source code and configured specifically to enable EAP at compile time, your software is likely vulnerable to the buffer overflow. The recommended update is available from Git repoistory http://git.savannah.nongnu.org/cgit/lwip.git.
This type of weakness is commonly associated in Common Weakness Enumeration (CWE) with CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’). A Proof-of-Concept exploit for PPTP VPN Servers with additional tools are available in the by CERT/CC PoC repository.
By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution.
Update your software with the latest available patches provided by your software vendor. It is incorrect to assume that pppd is not vulnerable if EAP is not enabled or EAP has not been negotiated by a remote peer using a secret or passphrase. This is due to the fact that an authenticated attacker may still be able to send unsolicited EAP packet to trigger the buffer overflow.
If your software is packaged and created from the ppp source code, please obtain the latest software from github pppd repository.
https://github.com/paulusmack/ppp
Patch referenced :
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
In case of lwIP package that is compiled from source with EAP enabled at compile time, obtain the latest software from github
http://git.savannah.nongnu.org/cgit/lwip.git
Patch referenced:
http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86
Note: the latest software also includes ignoring out-of-order or unsolicited EAP packets from being processed as an additional precautionary measure. It is recommended that you use the latest available software from the appropriate Git repository that includes this fix.
A proof-of-concept for testing if a PPTP server is vulnerable to cve-2020-8597 is available in the CERT/CC PoC respository
A Snort/Surricata IDS rule to detect cve-2020-8597 buffer overflow attempts against PPTP servers is also available in the CERT/CC PoC respository.
There is no viable work around except to patch the software with updated software made available by the software vendors.
Thanks to Ilja Van Sprundel from IOActive for reporting this vulnerability.
This document was written by Vijay Sarvepalli.
782301
Filter by status: All Affected Not Affected Unknown
Filter by content: __Additional information available
__Sort by: Status Alphabetical
Expand all
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
Visit ALAS post https://alas.aws.amazon.com/AL2/ALAS-2020-1400.html for details of this vulnerability
Amazon Linux has adopted RedHat advisory and published their own updates. Please see Vendor URL section for details.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have not received a statement from the vendor.
ArchLinux has updated its advisory on March 7 2020,with ASA-202003-3 advisory with resolution statement"Upgrade to 2.4.7-7. #pacman -Syu"ppp>=2.4.7-7"The problem has been fixed upstream but no release is available yet."
Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have not received a statement from the vendor.
2020-02-25 - Jaroslav [email protected]- 2.4.5-34 - Fixed buffer overflow in the eap_request and eap_response functions Resolves:CVE-2020-8597 Centos 8: Update provided follow the Vendor URL for your architecture Centos 7: Update provided follow the Vendor URL for your version and architecture Centos 6: End of Life no updates available
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
See Checkpoint security advisory sk165875 link in Vendor URL section.
Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
Package:ppp Version:2.4.6-3.1+deb8u1 CVE ID:CVE-2020-8597 Debian Bug:950618 Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp,the Point-to-Point Protocol daemon. When receiving an EAP Request message in client mode,an attacker was able to overflow the rhostname array by providing a very long name. This issue is also mitigated by Debian’s hardening build flags. For Debian 8"Jessie",this problem has been fixed in version 2.4.6-3.1+deb8u1. We recommend that you upgrade your ppp packages. Further information about Debian LTS security advisories,how to apply these updates to your system and frequently asked questions can be
Vendor bug report can be found in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950618
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have not received a statement from the vendor.
Fedora Project has put out new software updates to address this issue on Fri,21 Feb 2020 16:44:33 UTC,please use the vendor’s URL’s to find the suitable update for your version of Fedora and your platform.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have not received a statement from the vendor.
Please see Google’s advisory that was recently published to acknowledge this issue.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have not received a statement from the vendor.
NetBSD external ppp has been updated in the CVS repository. Users can set up pkg_admin to download the pkg-vulnerabilities file daily(URL in the Vendor URL section),and include a package audit in the daily security script. Details on this are located in the MESSAGE file for pkg_install.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
Security Advisory 2020-02-21-1 - ppp buffer overflow vulnerability(CVE-2020-8597)DESCRIPTION A remotely exploitable vulnerability was found in Point-to-Point Protocol Daemon(pppd),which has a significant potential impact due to the possibility of remote code execution prior to authentication. OpenWrt by default enables the_FORTIFY_SOURCE=1 compiler macro which introduces additional checks to detect buffer-overflows in the standard library functions,thus protecting the memcpy()abused in this overflow,preventing the actual buffer overflow and hence possible remote code execution by instead terminating the pppd daemon. Due to those defaults the impact of the issue was changed to a denial of service vulnerability,which is now also addressed by this fix. CVE-2020-8597 has been assigned to this issue,you can find the latest version of this advisory on our wiki. REQUIREMENTS In order to exploit this vulnerability,a malicious attacker would need to provide specially crafted EAP Request packet of type EAPT_MD5CHAP to ppp running in client mode and thus overflowing the rhostname string buffer by providing a very long hostname. MITIGATIONS To fix this issue,update the affected ppp package using the command below. opkg update; opkg upgrade ppp
The fix is contained in the following and later versions: OpenWrt master:2020-02-20 reboot-12255-g215598fd0389 OpenWrt 19.07:2020-02-20 v19.07.1-17-g6b7eeb74dbf8 OpenWrt 18.06:2020-02-20 v18.06.7-6-gcc78f934a946 AFFECTED VERSIONS To our knowledge,OpenWrt versions 18.06.0 to 18.06.7 and versions 19.07.0 to 19.07.1 are affected. The fixed packages will be integrated in the upcoming OpenWrt 18.06.8 and OpenWrt 19.07.2 releases. Older versions of OpenWrt(e.g. OpenWrt 15.05 and LEDE 17.01)are end of life and not supported any more.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
The ppp packages distributed with Red Hat Enterprise Linux versions are compiled using gcc’s stack-protector feature. The"Stack Smashing Protection"may help mitigate code execution attacks for this flaw and limit its impact to crash only. This flaw only affects pppd servers and clients when EAP negotiation is used. pppd will refuse to do EAP negotiation unless it has an appropriate secret to use. The secret has to be added to/etc/ppp/chap-secrets. EAP can use CHAP or SRP as the underlying flavour of authentication,Red Hat packages are not compiled with SRP code.
Redhat has created a Bug ID 1800727 for this vulnerability. RedHat has put our updates for their supported platforms. The vendor URL section has links to these updates. It is assumed that EAP needs to be enabled for this vulnerability to be exposed. However this is not the case as shown by Ilja Van Spronkel that even if EAP is disabled,an unauthenticated and unsolicited EAP packet can be send to trigger this vulnerability.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We are indeed affected by this vulnerability in all our supported codestreams. However,this is mitigated by the FORTIFY_SOURCE overflow checking and also by the Stack Protector Overflow heuristic protection that our products ship. Updates are also on the way and we are going to release them within the next weeks. One can track the progress of the update along with all the affected software in our security page mentioned in the vendor URL section.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have published a security advisory for this issue. All new information will be updated on the advisory link below.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have not received a statement from the vendor.
Vendor has released a security advisory Wed,4 Mar 2020 14:34:55 PST. Check to make sure you are subscribed to [email protected] and [email protected] is in your whitelist to receive slackware’s security advisories.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
Synology confirms the following products are affected: - DiskStation Manager(DSM)- VisualStation VS960HD - Synology Router Manager(SRM)Synology has published a security advisory on 2020-03-06 10:40:29 UTC+8 at https://www.synology.com/security/advisory/Synology_SA_20_02
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have published a security advisory for this issue(see link below in Vendor URLs section). And we are still working on this,and all new information will be updated on this advisory.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have not received a statement from the vendor.
Ubiquiti Networks has put out advisory using their community releases with an updated firmware to address this vulnerability. Please check the URL’s below for obtaining the right firmware to patch your systems.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have not received a statement from the vendor.
The ppp security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS The problem can be corrected by updating your system to the following package versions respectively: Ubuntu 19.10 ppp - 2.4.7-2+4.1ubuntu4.1 Ubuntu 18.04 LTS - ppp - 2.4.7-2+2ubuntu1.2 Ubuntu 16.04 LTS - ppp - 2.4.7-1+2ubuntu1.16.04.2 To update your system,use system package manager provided as part of Ubuntu…
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Affected |
---|
We have not received a statement from the vendor.
Wind River support and defects page provides way to search for products affected by this vulnerability. As of Feb 4 2020,the security updates pages shows this CVE is being addressed by Windriver. Please use this defects page to search for your product or search for the CVE-2020-8597 as"Keyword"to obtain the relevant software and firmware updates.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
FRITZ!Box and other AVM products are not affected. AVM does not use the ppp implementation from the pppd project.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
We are using an older version of pppd that does not use EAP and does not have this vulnerability.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
We have not received a statement from the vendor.
Apple has a forked version of ppp that was modified years earlier. It shows not affected due to the source code changes.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
Arista products do not have any features using pppd,hence no Arista products are affected.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
CoreOS Container Linux does not ship pppd.
Notified: 2020-02-13 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
Thank you for your request for Technical Support. EAP isn’t supported on 3900/2960/300B PPTP,so these should not be affected. The rest of the models are running in non-linux platform,the PPTP service isn’t using pppd either.
Updated information from Draytek March 6,2020 Draytek DSL models are running in our in-house OS,they won’t be affected by this vulnerability. Draytek also plans to add protection in the next firmware release to enhance the security for Vigor3900/2960,although EAP is not enabled or supported. Please check advisory URL mentioned below for updates.
Notified: 2020-02-13 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
Fortinet FortiOS are not impacted by this vulnerability
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
FreeBSD does not distribute pppd.
A review of the pppd source tree suggests that FreeBSD do not include pppd in the base system(removed in r190751 - ten years ago). The first pppd version that contained the vulnerability was 2.4.2,and FreeBSD has never shipped with that version.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
HardenedBSD does not ship with this software in the base operating system.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
Juniper is not impacted by this vulnerability
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
LANCOM Systems products are not vulnerable to these vulnerabilities.
Notified: 2020-02-13 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
The described issue is with EAP authentication,which RouterOS doesn’t support for PPP
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
We have not received a statement from the vendor.
Notified: 2020-02-05 Updated: 2020-06-19 CVE-2020-8597 | Not Affected |
---|
lwIP is a bit different than pppd,we added a lot of preprocessor directives to enable or disable features at compile time in order to reduce binary size output and EAP is disabled by default: http://git.savannah.nongnu.org/cgit/lwip.git/tree/src/include/netif/ppp/ppp_opts.h?id=d281d3e9592a3ca2ad0c3b7840f8036facc02f7b#n234 http://git.savannah.nongnu.org/cgit/lwip.git/tree/src/netif/ppp/eap.c?id=d2 81d3e9592a3ca2ad0c3b7840f8036facc02f7b#n46 That is,no product using lwIP were ever shipped with the EAP code compiled at all.
EAP was never used by any lwIP user. The lwIP PPP support is mostly used with cellular modems only as a framing protocol limited to the serial link between the MCU and the modem were security is less relevant because it is not authenticated anyway. The lwIP so far has had support for PAP,CHAP,MS-CHAP(tied to MPPE keys exchange),but EAP has never been enabled from compile time.
Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Cisco is investigating this issue and has assigned a bug ID CSCvs95534.
Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
NetApp is investigating this issue and will continue to update this advisory as additional information becomes available. This advisory should be considered the single source of current,up-to-date,authorized and accurate information from NetApp. Advisory ID:NTAP-20200313-0004 Version:2.0 Last updated:03/16/2020 Status:Interim. CVEs:CVE-2020-8597.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-11 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-02-19 Updated: 2020-06-19 CVE-2020-8597 | Unknown |
---|
We have not received a statement from the vendor.
View all 102 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 7.7 | E:F/RL:OF/RC:C |
Environmental | 7.7 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
CVE IDs: | CVE-2020-8597 |
---|---|
Date Public: | 2020-02-02 Date First Published: |
git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86
git.savannah.nongnu.org/cgit/lwip.git/commit/?id=d281d3e9592a3ca2ad0c3b7840f8036facc02f7b
github.com/CERTCC/PoC-Exploits/tree/master/cve-2020-8597-pptpd
github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636af
github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636af
nvd.nist.gov/vuln/detail/CVE-2020-8597
vulners.com/cve/CVE-2020-8597
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
96.4%