Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:815128
HistoryDec 08, 2020 - 12:00 a.m.

Embedded TCP/IP stacks have memory corruption vulnerabilities

2020-12-0800:00:00
www.kb.cert.org
130

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.859 High

EPSS

Percentile

98.5%

JSON

Overview

Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also tracked as ICS-VU-633937 and JVNVU#96491057 as well as the name AMNESIA:33.

Description

Embedded TCP/IP stacks provide essential network communication capability using TCP/IP networking to many lightweight operating systems adopted by IoT and other embedded devices. These software stacks can also be used in the latest technologies such as Edge Computing. The following embedded TCP/IP stacks were discovered to have 33 memory related vulnerabilities included in this advisory:

These networking software stacks can be integrated in various ways, including compiled from source, modified and integrated, and linked as a dynamic or static libraries, allowing for a wide variety of implementations. As an example, projects such as Apache Nuttx and open-iscsi have adopted common libraries and software modules, thus inheriting some of these vulnerabilities with varying levels of impact. The diversity of implementations and the lack of supply chain visibility has made it difficult to accurately assess the impact, usage as well as the potential exploitability of these vulnerabilities.

In general, most of these vulnerabilities are caused by memory management bugs, commonly seen in lightweight software implementations in Real Time Operating Systems (RTOS) and IoT devices. For specific details on these vulnerabilities, see the Forescout advisory that provides technical details. Due to the lack of visibility of these software usage, Forescout has released an open source version of Detector that can be used to identify potentially vulnerable software.

Impact

The impact of these vulnerabilities vary widely due to the combination of build and runtime options customized while including these in embedded devices. In summary, a remote, unauthenticated attacker may be able to use specially-crafted network packets to cause the vulnerable device to behave in unexpected ways such as a failure (denial of service), disclosure of private information, or execution of arbitrary code.

Solution

Apply updates

Update to the latest stable version of the affected embedded TCP/IP software that address these recently disclosed vulnerabilities. If you have adopted this software from an upstream provider, contact the provider to get appropriate updates that need to be integrated into your software. Concerned end-users of IoT and embedded devices that implement these vulnerable TCP/IP software stacks should contact their vendor or the closest reseller to obtain appropriate updates.

Follow best-practices

We recommend that you follow best practices when connecting IoT or embedded devices to a network:

  • Avoid exposure of IoT and embedded devices directly over the Internet and use a segmented network zone when available.
  • Enable security features such as deep-packet inspection and firewall anomaly detection when available to protect embedded and IoT devices.
  • Ensure secure defaults are adopted and disable unused features and services on your embedded devices.
  • Regularly update firmware to the vendor provided latest stable version to ensure your device is up to date.

Acknowledgements

Jos Wetzels, Stanislav Dashevskyi, Amine Amri and Daniel dos Santos of Forescout Technologies researched and reported these vulnerabilities.

This document was written by Vijay Sarvepalli.

Vendor Information

815128

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Cyanconnode AB __ Affected

Notified: 2020-12-09 Updated: 2020-12-09

Statement Date: December 08, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Affected CVE-2020-13986

Vendor Statement

Cyanconnode is aware of multiple security vulnerabilities in the uIP stack - commonly referred to as “AMNESIA:33”. The Cyan Technlogy IDE, CyanIDE, was distributed with uIP v1.0. The final release of CyanIDE before it reached end-of-life was v2.4.0 in 2014. Therefore, we deem the exploitation of our product a low risk. Patches won’t be provided since the affected product is end-of-life.

FNet __ Affected

Notified: 2020-08-24 Updated: 2021-02-16

Statement Date: February 16, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

All mentioned vulnerabilities were solved in previous FNET v4.7.0 release.

References

CERT Addendum

FNET has their latest repository at Github https://github.com/butok/FNET/ Their latest release is 4.7.1 linked in the References.

Microchip Technology __ Affected

Notified: 2020-08-28 Updated: 2020-12-08

Statement Date: December 02, 2020

CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

Microchip is aware of a TCP/IP security vulnerability known as Amnesia:33. Microchip takes security issues seriously and is currently working to mitigate the issues and provide solutions for our clients. We have determined that some CVEs affect some of our networking products. For details on impacted products and resolution plans, visit below URL.

References

Netgear Affected

Notified: 2020-08-21 Updated: 2021-03-23

Statement Date: March 19, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

SUSE Linux __ Affected

Notified: 2020-09-15 Updated: 2020-12-14

Statement Date: December 14, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986
our open-iscsi package is affected by this uIP issue
CVE-2020-13988 Affected Vendor Statement:
Our open-iscsi package be affected by this issue.
CVE-2020-17437 Affected Vendor Statement:
our open-iscsi package is affected by this issue.
CVE-2020-17438 Affected Vendor Statement:
our open-iscsi package is affected by this issue.
CVE-2020-17439 Not Affected CVE-2020-17440

Vendor Statement

The Linux Kernel TCP/IP stack used by SUSE Linux Enterprise and openSUSE is not affected by the listed vulnerabilities.

SUSE ships open-iscsi, which embeds a version of the uIP IP stack, which is affected by some of the vulnerabilities, and will provide fixes.

References

Siemens __ Affected

Notified: 2020-10-28 Updated: 2021-03-23

Statement Date: March 18, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Siemens is aware of the security vulnerabilities in several TCP/IP stacks, also named “AMNESIA:33” and disclosed on 2020-12-08. The impact to Siemens products is described in the Security Advisories SSA-541017, published on 2020-12-08 and SSA-541018, published on 2021-03-09 on the Siemens ProductCERT page (https://www.siemens.com/cert/advisories).

References

Weinert Automation __ Affected

Notified: 2020-12-09 Updated: 2020-12-09

Statement Date: December 08, 2020

CVE-2020-13984 Affected
CVE-2020-13985 Affected CVE-2020-13986

Vendor Statement

Weinert-automation is aware of multiple security vulnerabilities in the uIP stack - commonly referred to as “AMNESIA:33”. The stack was used in weAut_01 (software weAutSys) which was discontinued in 2012 and is verifiably not in use anymore. Therefore, we deem the exploitation of our product a low risk. Patches won’t be provided since the product is end-of-life.

iscsi __ Affected

Notified: 2020-09-15 Updated: 2020-12-21 CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

CERT Addendum

https://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp

ARM mbed TLS Not Affected

Notified: 2020-08-24 Updated: 2020-12-08

Statement Date: September 24, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

AVM GmbH Not Affected

Notified: 2021-02-04 Updated: 2021-03-23

Statement Date: March 22, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Abbott Labs __ Not Affected

Notified: 2020-12-02 Updated: 2020-12-08 CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

CERT Addendum

Statement provided by Abbott labs available at ICS-CERT advisory

Afero Not Affected

Notified: 2020-08-24 Updated: 2020-12-08

Statement Date: December 07, 2020

CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Arista Networks Inc. __ Not Affected

Notified: 2020-08-24 Updated: 2020-12-08

Statement Date: December 07, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Arista Networks does not use the affected software in any of its product lines.

B. Braun __ Not Affected

Notified: 2020-12-09 Updated: 2021-01-06

Statement Date: January 06, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

References

Barracuda Networks __ Not Affected

Notified: 2020-08-25 Updated: 2020-12-08

Statement Date: September 16, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Barracuda does not use these libraries in any of our products.

Belden __ Not Affected

Notified: 2020-08-20 Updated: 2021-03-23

Statement Date: March 22, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Belden devices do not contain the vulnerable software and are not affected by this vulnerability.

Blackberry QNX Not Affected

Notified: 2020-08-26 Updated: 2020-12-08

Statement Date: September 21, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Brocade Communication Systems __ Not Affected

Notified: 2020-08-26 Updated: 2021-03-23

Statement Date: March 18, 2021

CVE-2020-13984 Not Affected
Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-13985 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-13986 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-13987 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-13988 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17437 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17438 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17439 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17440 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17441 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17442 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17443 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17444 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17445 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17467 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17468 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17469 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-17470 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-24334 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-24335 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-24336 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-24337 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-24338 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-24339 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-24340 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-24341 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-24383 Not Affected Vendor Statement:
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
CVE-2020-25107 Not Affected CVE-2020-25108

Ceragon Networks Inc __ Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

Statement Date: December 08, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Not affected by this case

Check Point __ Not Affected

Notified: 2020-12-23 Updated: 2021-03-23

Statement Date: March 21, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Check Point is not affected by these vulnerabilities.

Cisco Not Affected

Notified: 2020-08-20 Updated: 2021-03-23

Statement Date: March 22, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Dell SecureWorks Not Affected

Notified: 2020-08-31 Updated: 2020-12-14

Statement Date: December 11, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Digi International __ Not Affected

Notified: 2020-08-20 Updated: 2020-12-14

Statement Date: December 09, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We do not use any of the affected stacks in our products. https://www.digi.com/resources/security

Espressif Systems __ Not Affected

Notified: 2020-09-09 Updated: 2021-01-13

Statement Date: January 12, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Espressif ESP8266 SDKs and ESP-IDF (SDK for ESP32 and ESP32-S2) both use the TCP/IP library lwIP, therefore are not affected by these vulnerabilities.

F5 Networks Inc. __ Not Affected

Notified: 2020-08-21 Updated: 2020-12-08

Statement Date: December 08, 2020

CVE-2020-13984 Not Affected
Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-13985 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-13986 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-13987 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-13988 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17437 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17438 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17439 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17440 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17441 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17442 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17443 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17444 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17445 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17467 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17468 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17469 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-17470 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-24334 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-24335 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-24336 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-24337 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-24338 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-24339 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-24340 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-24341 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-24383 Not Affected Vendor Statement:
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
CVE-2020-25107 Not Affected CVE-2020-25108

Vendor Statement

F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.

Fastly Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

Statement Date: December 07, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Fitbit __ Not Affected

Notified: 2020-12-02 Updated: 2020-12-08

Statement Date: December 07, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Based on our review, we can confirm that Fitbit is not affected by the “Amnesia” IoT TCP/IP stack vulnerabilities identified by the team at Forescout Technologies.

CERT Addendum

Fitbit statement was provided to ICS-CERT

Fujitsu Not Affected

Notified: 2020-09-09 Updated: 2020-12-16

Statement Date: December 16, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Google Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

Statement Date: September 25, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

HCC Not Affected

Notified: 2020-09-09 Updated: 2020-12-08

Statement Date: December 08, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Infoblox __ Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

Statement Date: September 16, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Our products have none of the embedded software listed in this case.

Intel Not Affected

Notified: 2020-08-20 Updated: 2021-01-11

Statement Date: January 11, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Juniper Networks __ Not Affected

Notified: 2020-08-20 Updated: 2020-12-08

Statement Date: September 02, 2020

CVE-2020-13984 Not Affected
Vendor Statement:
Juniper Networks products do not use Contiki-OS, thus we are not affected.
CVE-2020-13985 Not Affected Vendor Statement:
Juniper Networks products do not use Contiki-OS, thus we are not affected.
CVE-2020-13986 Not Affected Vendor Statement:
Juniper Networks products do not use Contiki-OS, thus we are not affected.
CVE-2020-13987 Not Affected Vendor Statement:
Juniper Networks products do not use uIP, thus we are not affected.
CVE-2020-13988 Not Affected Vendor Statement:
Juniper Networks products do not use Contiki-OS, thus we are not affected.
CVE-2020-17437 Not Affected Vendor Statement:
Juniper Networks products do not use Contiki-OS, thus we are not affected.
CVE-2020-17438 Not Affected Vendor Statement:
Juniper Networks products do not use uIP, thus we are not affected.
CVE-2020-17439 Not Affected Vendor Statement:
Juniper Networks products do not use uIP, thus we are not affected.
CVE-2020-17440 Not Affected Vendor Statement:
Juniper Networks products do not use uIP, thus we are not affected.
CVE-2020-17441 Not Affected Vendor Statement:
Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
CVE-2020-17442 Not Affected Vendor Statement:
Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
CVE-2020-17443 Not Affected Vendor Statement:
Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
CVE-2020-17444 Not Affected Vendor Statement:
Juniper Networks products do not use PicoTCP and PicoTCP-NG, thus we are not affected.
CVE-2020-17445 Not Affected Vendor Statement:
Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
CVE-2020-17467 Not Affected Vendor Statement:
Juniper Networks products do not use Fnet, thus we are not affected.
CVE-2020-17468 Not Affected Vendor Statement:
Juniper Networks products do not use Fnet, thus we are not affected.
CVE-2020-17469 Not Affected Vendor Statement:
Juniper Networks products do not use Fnet, thus we are not affected.
CVE-2020-17470 Not Affected Vendor Statement:
Juniper Networks products do not use Fnet, thus we are not affected.
CVE-2020-24334 Not Affected Vendor Statement:
Juniper Networks products do not use Contiki-OS, thus we are not affected.
CVE-2020-24335 Unknown CVE-2020-24336
Juniper Networks products do not use Contiki-OS, thus we are not affected.
CVE-2020-24337 Not Affected Vendor Statement:
Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
CVE-2020-24338 Unknown CVE-2020-24339
Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
CVE-2020-24341 Not Affected Vendor Statement:
Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
CVE-2020-24383 Not Affected Vendor Statement:
Juniper Networks products do not use Fnet, thus we are not affected.
CVE-2020-25107 Unknown CVE-2020-25108

Miredo __ Not Affected

Notified: 2020-08-28 Updated: 2021-01-28

Statement Date: January 19, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

miredo uses adhoc code for ICMPv6; is not involved with DNS.

Nokia Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

Statement Date: September 03, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Rockwell Automation Not Affected

Notified: 2020-08-25 Updated: 2021-05-11

Statement Date: April 13, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Securepoint GmbH Not Affected

Notified: 2020-12-15 Updated: 2021-03-23

Statement Date: March 19, 2021

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Sophos __ Not Affected

Notified: 2020-09-07 Updated: 2020-12-21

Statement Date: December 21, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Sophos products and services are not impacted by these vulnerabilities.

VMware __ Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

Statement Date: September 14, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Vmware is not affected by these issues directly.

VMware Carbon Black Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

Statement Date: September 09, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Wind River Not Affected

Notified: 2020-08-25 Updated: 2020-12-08

Statement Date: October 14, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Xilinx __ Not Affected

Notified: 2020-08-25 Updated: 2020-12-08

Statement Date: September 11, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Xilinx is not affected by these vulnerabilities.

References

Zebra Technologies Not Affected

Notified: 2020-08-28 Updated: 2021-01-28 CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Zephyr Project __ Not Affected

Notified: 2020-09-07 Updated: 2020-12-08

Statement Date: October 05, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

The affected code is not used in the Zephyr TCP implementation.

Zyxel __ Not Affected

Notified: 2020-08-21 Updated: 2020-12-09

Statement Date: December 09, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

Zyxel is NOT affected because our products don’t make use of these TCP/IP software

dd-wrt Not Affected

Notified: 2020-12-02 Updated: 2020-12-08

Statement Date: December 08, 2020

CVE-2020-13984 Not Affected
CVE-2020-13985 Not Affected CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Alcatel-Lucent Enterprise Unknown

Notified: 2020-08-24 Updated: 2021-05-11

Statement Date: April 06, 2021

CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Texas Instruments __ Unknown

Notified: 2020-12-02 Updated: 2021-03-15

Statement Date: January 21, 2021

CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

CERT Addendum

Please visit Texas Instrument PSIRT anouncement on AMNESIA:33 vulnerabilities. https://www.ti.com/lit/ml/sszo001/sszo001.pdf?ts=1615806156409

m0n0wall __ Unknown

Notified: 2020-09-07 Updated: 2020-12-17 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

CERT Addendum

Note that M0n0wall is end-of-life http://forum.m0n0.ch/forum/topic,6369.0.html https://m0n0.ch/wall/mailinglist.php

Administrator of this software, Manuel Kasper, recommends you move to OPNSense

ADATA Unknown

Notified: 2020-08-24 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

ANTlabs Unknown

Notified: 2020-08-24 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Actelis Networks Unknown

Notified: 2020-08-24 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Aerohive Unknown

Notified: 2020-08-24 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

AhnLab Inc Unknown

Notified: 2020-08-24 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Akamai Technologies Inc. Unknown

Notified: 2020-08-24 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Allied Telesis Unknown

Notified: 2020-08-24 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Altran Intelligent Systems Unknown

Notified: 2020-08-20 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Apache Software Foundation Unknown

Notified: 2020-11-02 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Aruba Networks Unknown

Notified: 2020-10-02 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Atheros Communications Inc Unknown

Notified: 2020-08-24 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Avaya Inc. Unknown

Notified: 2020-08-24 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Belkin Inc. Unknown

Notified: 2020-08-26 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Bell Canada Enterprises Unknown

Notified: 2020-08-26 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Blunk Microsystems Unknown

Notified: 2020-08-26 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

BoringSSL Unknown

Notified: 2020-08-26 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Broadcom Unknown

Notified: 2020-08-26 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

CERT-UBIK Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

CMX Systems Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Cambium Networks Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Canon Unknown

Notified: 2020-12-02 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

CareStream Unknown

Notified: 2020-08-20 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Cesanta Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Cirpack Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Commscope Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Contiki OS Unknown

Notified: 2020-08-24 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Cricket Wireless Unknown

Notified: 2020-08-31 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Cypress Semiconductor Unknown

Notified: 2020-08-31 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

D-Link Systems Inc. Unknown

Notified: 2020-08-20 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Dell Unknown

Notified: 2020-08-31 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Dell EMC Unknown

Notified: 2020-08-31 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Deutsche Telekom Unknown

Notified: 2020-08-31 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Devicescape Unknown

Notified: 2020-08-31 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Diebold Election Systems Unknown

Notified: 2020-08-31 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

ENEA Unknown

Notified: 2020-08-31 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

EfficientIP Unknown

Notified: 2020-08-31 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Egnite Unknown

Notified: 2020-09-16 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Ericsson Unknown

Notified: 2020-08-21 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Extreme Networks Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Force10 Networks Unknown

Notified: 2020-09-09 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Foundry Brocade Unknown

Notified: 2020-09-09 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

FreeBSD Project Unknown

Notified: 2020-08-25 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

FreeRTOS Unknown

Notified: 2020-08-25 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

GFI Software Unknown

Notified: 2020-09-09 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Grandstream Unknown

Notified: 2020-09-09 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Green Hills Software Unknown

Notified: 2020-08-25 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

HP Inc. Unknown

Notified: 2020-09-09 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Hewlett Packard Enterprise Unknown

Notified: 2020-08-25 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Hitachi Unknown

Notified: 2020-09-09 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Honeywell Unknown

Notified: 2020-09-09 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Huawei Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

IBM Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

IBM Corporation (zseries) Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

IBM Numa-Q Division (Formerly Sequent) Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

ICASI Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

INTEROP Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

IP Infusion Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

InfoExpress Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Inmarsat Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Kwikset Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

LG Electronics Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

LITE-ON Technology Corporation Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Lantronix Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Lenovo Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

LibreSSL Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

LiteSpeed Technologies Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Lynx Software Technologies Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Marvell Semiconductor Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

MediaTek Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Medtronic Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Metaswitch Networks Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Micrium Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Microsoft Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Monroe Electronics Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Motorola Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Muonics Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

NEC Corporation Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

NETSCOUT Unknown

Notified: 2020-08-28 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

NetBSD Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

NetBurner Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

OleumTech Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

OpenConnect Ltd Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

OpenSSL Unknown

Notified: 2020-09-09 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Oracle Corporation Unknown

Notified: 2020-08-20 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Oryx Embedded Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Paessler Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Palo Alto Networks Unknown

Notified: 2020-08-20 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Panasonic Unknown

Notified: 2020-08-21 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Philips Electronics Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Proxim Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Pulse Secure Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

QLogic Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

QNAP Unknown

Notified: 2020-10-08 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Quadros Systems Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Qualcomm Unknown

Notified: 2020-08-25 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Riverbed Technologies Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Roku Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Ruijie Networks Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

SEIKO EPSON Corp. / Epson America Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

SafeNet Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Samsung Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Samsung Semiconductor Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Schneider Electric Unknown

Notified: 2020-12-08 Updated: 2020-12-09 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Siemens Nixdorf AG Unknown

Notified: 2020-10-26 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Sierra Wireless Unknown

Notified: 2020-12-10 Updated: 2020-12-14 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

SmoothWall Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

SonicWall Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Sonos Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Systech Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

TCPWave Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

TP-LINK Unknown

Notified: 2020-12-10 Updated: 2020-12-14 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Tenable Network Security Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

TippingPoint Technologies Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Tizen Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Toshiba Commerce Solutions Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Ubuntu Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Untangle Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Vertical Networks Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

WizNET Technology Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Xerox Unknown

Notified: 2020-12-02 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

Yamaha Corporation Unknown

Notified: 2020-12-02 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

ZTE Corporation Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

netsnmp Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

netsnmpj Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

wolfSSL Unknown

Notified: 2020-09-07 Updated: 2020-12-08 CVE-2020-13984 Unknown
CVE-2020-13985 Unknown CVE-2020-13986

Vendor Statement

We have not received a statement from the vendor.

View all 174 vendors __View less vendors __

References

Other Information

CVE IDs: CVE-2020-13984 CVE-2020-13985 CVE-2020-13986 CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 CVE-2020-17439 CVE-2020-17440 CVE-2020-17441 CVE-2020-17442 CVE-2020-17443 CVE-2020-17444 CVE-2020-17445 CVE-2020-17467 CVE-2020-17468 CVE-2020-17469 CVE-2020-17470 CVE-2020-24334 CVE-2020-24335 CVE-2020-24336 CVE-2020-24337 CVE-2020-24338 CVE-2020-24339 CVE-2020-24340 CVE-2020-24341 CVE-2020-24383 CVE-2020-25107 CVE-2020-25108 CVE-2020-25109 CVE-2020-25110 CVE-2020-25111 CVE-2020-25112 CVE-2021-28362
Date Public: 2020-12-08 Date First Published:

Related

ics 3
attackerkb 1
nessus 25
openvas 25
thn 1
ubuntu 1
osv 21
prion 34
cve 34
ubuntucve 5
veracode 3
redhatcve 3
debiancve 3
photon 2
ics
ics
Multiple Embedded TCP/IP Stacks
2020-12-09 12:00:00
Siemens TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C)
2022-02-10 12:00:00
Siemens Embedded TCP/IP Stack Vulnerabilities–AMNESIA:33 (Update C)
2021-04-13 12:00:00
attackerkb
attackerkb
Amnesia:33
2020-12-08 00:00:00
nessus
nessus
SUSE SLES15 Security Update : open-iscsi (SUSE-SU-2021:1164-1)
2021-04-14 00:00:00
EulerOS Virtualization 3.0.6.6 : iscsi-initiator-utils (EulerOS-SA-2021-1485)
2021-03-10 00:00:00
EulerOS 2.0 SP3 : iscsi-initiator-utils (EulerOS-SA-2021-1076)
2021-01-20 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:1164-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for iscsi-initiator-utils (EulerOS-SA-2021-1377)
2021-03-05 00:00:00
Huawei EulerOS: Security Advisory for open-iscsi (EulerOS-SA-2021-1031)
2021-01-08 00:00:00
thn
thn
Amnesia:33 — Critical TCP/IP Flaws Affect Millions of IoT Devices
2020-12-09 09:50:00
ubuntu
ubuntu
Open-iSCSI vulnerabilities
2023-07-27 00:00:00
osv
osv
open-iscsi vulnerabilities
2023-07-27 11:00:57
CVE-2020-24334
2020-12-11 23:15:13
CVE-2020-24335
2021-02-02 07:15:13
prion
prion
Out-of-bounds
2020-12-11 23:15:00
Code injection
2020-12-11 22:15:00
Memory corruption
2020-12-11 22:15:00
cve
cve
CVE-2020-17444
2020-12-11 23:15:00
CVE-2020-13984
2020-12-11 22:15:00
CVE-2020-17445
2020-12-11 23:15:00
ubuntucve
ubuntucve
CVE-2020-17438
2020-12-01 00:00:00
CVE-2020-24335
2021-02-02 00:00:00
CVE-2020-13987
2020-12-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-12-24 21:46:55
Buffer Overflow
2020-12-24 19:23:41
Integer Overflow
2020-12-24 21:46:55
redhatcve
redhatcve
CVE-2020-13987
2020-12-10 17:34:59
CVE-2020-17437
2020-12-10 17:34:58
CVE-2020-13988
2020-12-10 17:34:44
debiancve
debiancve
CVE-2020-17437
2020-12-11 23:15:00
CVE-2020-13987
2020-12-11 22:15:00
CVE-2020-13988
2020-12-11 22:15:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-3.0-0437
2022-08-18 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0578
2023-05-12 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.859 High

EPSS

Percentile

98.5%

JSON
Related for VU:815128
ics3attackerkb1nessus25openvas25thn1ubuntu1osv21prion34cve34ubuntucve5veracode3redhatcve3debiancve3photon2