CVE-2020-11898
https://notcve.org/view.php?id=CVE-2020-11898
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. La pila Treck TCP/IP versiones anteriores a 6.0.1.66, maneja inapropiadamente una Inconsistencia del Parámetro de Longitud de IPv4/ICMPv4, lo que podría permitir a atacantes remotos desencadenar una filtración de información • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt https://jsof-tech.com/vulnerability-disclosure-policy https://security.netapp.com/advisory/ntap-20200625-0006 https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_us https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities https://www.jsof-tech.com/ripple20 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-11897
https://notcve.org/view.php?id=CVE-2020-11897
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. La pila Treck TCP/IP versiones anteriores a 5.0.1.35, presenta una Escritura Fuera de Límites por medio de múltiples paquetes IPv6 malformados • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt https://jsof-tech.com/vulnerability-disclosure-policy https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities https://www.jsof-tech.com/ripple20 https://www.kb.cert.org/vuls/id/257161 https://www.treck.com • CWE-787: Out-of-bounds Write •
CVE-2020-11896
https://notcve.org/view.php?id=CVE-2020-11896
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. La pila Treck TCP/IP versiones anteriores a 6.0.1.66, permite una Ejecución de Código Remota, relacionada con el túnel IPv4 • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf https://jsof-tech.com/vulnerability-disclosure-policy https://security.netapp.com/advisory/ntap-20200625-0006 https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_us https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-r • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2020-10136 – IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic
https://notcve.org/view.php?id=CVE-2020-10136
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. Múltiples productos que implementan la IP Encapsulation dentro del estándar IP (RFC 2003, STD 1) desencapsulan y enrutan el tráfico IP-in-IP sin ninguna comprobación, lo que podría permitir a un atacante remoto no autenticado enrutar tráfico arbitrario por medio de una interfaz de red expuesta y conllevar a una falsificación, omisión de control de acceso y otros comportamientos inesperados de la red. • https://datatracker.ietf.org/doc/html/rfc6169 https://kb.cert.org/vuls/id/636397 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4 https://www.digi.com/resources/security https://www.kb.cert.org/vuls/id/636397 • CWE-290: Authentication Bypass by Spoofing •