Lucene search

F5F5:K17133899

HistoryJun 19, 2020 - 12:00 a.m.

K17133899 : Multiple Treck TCP/IP stack vulnerabilities

2020-06-1900:00:00

my.f5.com

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

5.7 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.048 Low

EPSS

Percentile

91.9%

JSON

Security Advisory Description

CVE-2020-11896

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.

CVE-2020-11897

The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.

CVE-2020-11898

The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.

CVE-2020-11899

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

CVE-2020-11900

The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.

CVE-2020-11901

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.

CVE-2020-11902

The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.

CVE-2020-11903

The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.

CVE-2020-11904

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.

CVE-2020-11905

The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.

CVE-2020-11906

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.

CVE-2020-11907

The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.

CVE-2020-11908

The Treck TCP/IP stack before 4.7.1.27 mishandles ‘\0’ termination in DHCP.

CVE-2020-11909

The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.

CVE-2020-11910

The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.

CVE-2020-11911

The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.

CVE-2020-11912

The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.

CVE-2020-11913

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

CVE-2020-11914

The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.

CPENameOperatorVersion
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3

Name	Operator	Version
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3