Number: AV20-199
Date: 17 June 2020
On 16 June 2020 a security research lab publicly disclosed a research paper known as “Ripple20” detailing vulnerabilities in Treck Incorporated’s TCP/IP stack implementation.
https://www.jsof-tech.com/ripple20
Among the 19 zero-day vulnerabilities are 4 which are rated as critical. Two of these critical vulnerabilities, CVE-2020-11896 and CVE-2020-11901, could result in remote code execution. The remaining critical vulnerabilities, CVE-2020-11897 and CVE-2020-11898, could result in an out-of-bounds write and an out-of-bounds read, respectively. As this low-level technology is used in numerous embedded systems, the vulnerabilities could affect a wide range of ‘downstream’ vendors who use Treck Incorporated’s stack implementation.
The Cyber Centre encourages users and administrators to apply the latest version of the affected products (Treck TCP/IP 6.0.1.66 or later versions). For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory. Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products.
For additional information, please refer to the following links:
Treck Advisory:
https://treck.com/vulnerability-response-information
US-CERT Advisory:
https://www.us-cert.gov/ics/advisories/icsa-20-168-01
CERT-CC Vulnerability Note:
https://kb.cert.org/vuls/id/257161
Note to Readers
The Canadian Centre for Cyber Security (Cyber Centre) operates as part of the Communications Security Establishment. We are Canada’s national authority on cyber security and we lead the government’s response to cyber security events. As Canada's national computer security incident response team, the Cyber Centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate, and recover from cyber events. We do this by providing authoritative advice and support, and coordinating information sharing and incident response. The Cyber Centre is outward-facing, welcoming partnerships that help build a stronger, more resilient cyber space in Canada.