Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K44834280
HistoryJan 13, 2021 - 12:00 a.m.

K44834280 : Multiple Treck vulnerabilities CVE-2020-25066, CVE-2020-27336, CVE-2020-27337, and CVE-2020-27338

2021-01-1300:00:00
my.f5.com
18

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

82.0%

JSON

Security Advisory Description

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.

An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access.

An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access.

An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 client component allows an unauthenticated remote attacker to cause an Out of Bounds Read, and possibly a Denial of Service via adjacent network access.

Impact

There is no impact; F5 products are not affected by this vulnerability.

Related

thn 1
ics 1
hp 1
cve 4
prion 4
nessus 1
intel 2
thn
thn
New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices
2020-12-23 06:51:00
ics
ics
Treck TCP/IP Stack (Update A)
2021-01-26 12:00:00
hp
hp
HPSBPI03709 rev. 1 - Certain HP and Samsung-branded Print Products - IPv6 Network Stack Vulnerability
2020-12-27 00:00:00
cve
cve
CVE-2020-27336
2020-12-22 22:15:00
CVE-2020-27338
2020-12-22 22:15:00
CVE-2020-25066
2020-12-22 22:15:00
prion
prion
Input validation
2020-12-22 22:15:00
Out-of-bounds
2020-12-22 22:15:00
Heap overflow
2020-12-22 22:15:00
nessus
nessus
ArubaOS-Switch Memory Corruption Vulnerability (ARUBA-PSA-2021-003)
2021-06-14 00:00:00
intel
intel
Intel® AMT and Intel® ISM Advisory
2021-01-22 00:00:00
2020.2 IPU – Intel® CSME, SPS, TXE, and AMT Advisory
2022-05-12 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

82.0%

JSON
Related for F5:K44834280
thn1ics1hp1cve4prion4nessus1intel2