CVE-2020-11899

MEDIUM KEV

Treck TCP/IP < 6.0.1.66 - IPv6 Out-of-bounds Read

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-11899 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022.

Description

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

References (12)

Core 12
Core References
Technical Description x_refsource_misc
https://cwe.mitre.org/data/definitions/125.html
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://www.kb.cert.org/vuls/id/257161/
Product, Vendor Advisory x_refsource_misc
https://www.treck.com
Broken Link, Third Party Advisory x_refsource_misc
https://jsof-tech.com/vulnerability-disclosure-policy/
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/257161
Broken Link, Exploit, Third Party Advisory x_refsource_misc
https://www.jsof-tech.com/ripple20/
Broken Link, Third Party Advisory x_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200625-0006/

Scores

CVSS v3 5.4
EPSS 0.3527
EPSS Percentile 97.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2022-03-03
VulnCheck KEV 2022-03-03
InTheWild.io 2020-11-22
ENISA EUVD EUVD-2020-4236
CWE
CWE-125
Status published
Products (4)
dell/wyse_5030_firmware
dell/wyse_5050_all-in-one_firmware
dell/wyse_7030_firmware
treck/tcp\/ip < 6.0.1.66
Published Jun 17, 2020
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026