10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.054 Low
EPSS
Percentile
93.2%
Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20.
Treck IP network stack software is designed for and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source, licensed for modification and reuse and finally as a dynamic or static linked library. Treck IP software contains multiple vulnerabilities, most of which are caused by memory management bugs. For more details on the vulnerabilities introduced by these bugs, see Treck’s Vulnerability Response Information and JSOF’s Ripple20 advisory.
Historically-related KASAGO TCP/IP middleware from Zuken Elmic (formerly Elmic Systems) is also affected by some of these vulnerabilities.
These vulnerabilities likely affect industrial control systems and medical devices. Please see ICS-CERT Advisory ICSA-20-168-01 for more information.
The impact of these vulnerabilities will vary due to the combination of build and runtime options used while developing different embedded systems. This diversity of implementations and the lack of supply chain visibility has exasperated the problem of accurately assessing the impact of these vulnerabilities. In summary, a remote, unauthenticated attacker may be able to use specially-crafted network packets to cause a denial of service, disclose information, or execute arbitrary code.
Update to the latest stable version of Treck IP stack software (6.0.1.67 or later). Please contact Treck at [email protected]. Downstream users of embedded systems that incorporate Treck IP stacks should contact their embedded system vendor.
Consider blocking network attacks via deep packet inspection. In some cases, modern switches, routers, and firewalls will drop malformed packets with no additional configuration. It is recommended that such security features are not disabled. Below is a list of possible mitigations that can be applied as appropriate to your network environment.
Further recommendations are available here.
Suricata IDS has built-in decoder-event rules that can be customized to detect attempts to exploit these vulnerabilities. See the rule below for an example. A larger set of selected vu-257161.rules are available from the CERT/CC Github repository.
#IP-in-IP tunnel with fragments
alert ip any any -> any any (msg:"VU#257161:CVE-2020-11896, CVE-2020-11900 Fragments inside IP-in-IP tunnel https://kb.cert.org/vuls/id/257161"; ip_proto:4; fragbits:M; sid:1367257161; rev:1;)
Moshe Kol and Shlomi Oberman of JSOF https://jsof-tech.com researched and reported these vulnerabilities. Treck worked closely with us and other stakeholders to coordinate the disclosure of these vulnerabilities.
This document was written by Vijay Sarvepalli.
257161
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Updated: 2022-09-20 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Please see updated information about Aruba/ HPE products in regards to the Ripple20 vulnerabilities - ARUBA-PSA-2020-006
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Please see the Baxter bulletin link in References section
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
B. Braun provide information via “Important information about our products and services” section of their website. Braun has mentioned this as Skyline/2020 vulnerability.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
It was discovered that multiple potential vulnerabilities exist in the networking stack used in Brother products.
Please see references in both English and Japanese provided by Brother
Notified: 2020-08-19 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
For details on Carestream’s affected products, please see the Ripple20 Product Security Advisory.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
ICS-CERT has communicated with Caterpillar and has confirmed this vulnerability. Please see ICS CERT announcement https://www.us-cert.gov/ics/advisories/icsa-20-168-01
Notified: 2020-05-04 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
The list of confirmed products are under the “Vulnerable Products” section of the advisory.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Please reference the Dell Security Notice link provided in the references section.
Notified: 2020-05-21 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Please look for an announcement from Digi on Treck’s vulnerabilities being addresses.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Please see Eaton Advisory in 2020 section
Updated: 2020-09-30
Statement Date: June 26, 2020
CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Please reference the Fujitsu PSIRT (CEE, NWE, UK&I) Security Advisory link provided in the references section.
Please visit JPCERT status page for Fujitsu’s status https://jvn.jp/vu/JVNVU94736763/index.html
Notified: 2020-07-10 Updated: 2020-06-25
Statement Date: July 10, 2020
CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Green Hills Software LLC’s GHnet™ v2 network stack is based on the network stack from Treck Inc. Treck informed Green Hills Software of multiple vulnerabilities in its network stack, which were found by a third party.
While GHnet v2 is based on Treck’s network stack, the two are not identical. Green Hills Software has made many improvements, added new features, and fixed bugs in the product. Because of these improvements and INTEGRITY’s separation kernel architecture, the impact of these vulnerabilities on GHnet v2 is far less severe.
Green Hills Software has and will continue to advocate for running middleware, driver, and application code in partitioned virtual address spaces, rather than in the kernel. The INTEGRITY Real-Time Operating System was designed to provide isolation between applications and the kernel, protecting the rest of the system if an application fails or misbehaves. Due to the isolation provided by INTEGRITY, running the GHnet v2 stack in a virtual address space significantly reduces the impact of these vulnerabilities. Green Hills Software strongly recommends that the GHnet v2 network stack, all other middleware, and all application code be placed in separate virtual address spaces.
Green Hills Software will include fixes for these vulnerabilities in future releases of GHnet v2, and is making patches available to customers on previous releases. If you have questions about how these vulnerabilities may affect your system, please contact your Green Hills Software sales representative, or contact Green Hills Software Technical Support.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Please see HPE official link for information about ripple20 from HPE in the references section. For HPE’s Aruba specific devices please see Aruba advisory PSA-2020-006.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
HP Security Bulletin ID c06655639 addresses Treck’s vulnerability inherited through Intel. HP Security Bulletin c06640149 addresses HP and Samsung branded products that are impacted from Treck’s embedded IP stack.
Notified: 2020-06-05 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Please visit Intel’s public security advisory SA-00295 for information.
Please check Intel’s advisory that provides mapping relevant mapping to Treck’s CVE listed in this advisory.
Updated: 2020-09-25
Statement Date: September 25, 2020
CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have published an advisory on our official website. We are continuing to investigate impacts of this vulnerability for our products. We will update the advisory as needed.
Updated: 2020-06-25
Statement Date: July 31, 2020
CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Ricoh has provided a public statement on Treck IP Stacks vulnerabilities, please use the link provided above.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
See Rockwell’s advisory https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1126896
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Schneider has provided a security advisory SESB-2020-168-01 addressing this issue.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Teradici has issued a security advisory (TERA-SA-000056) and has addressed this issue with updated firmware for Tera2 PCoIP Zero Clients and PCoIP Remote Workstation cards.
Updated: 2020-07-03
Statement Date: August 19, 2020
CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We are continuing to investigate impacts of this vulnerability for some products. We will contact the related customers.
Notified: 2020-04-03 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Treck’s customers can contact us for additional details than what is in the advisory.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Please see Xerox advisory mini bulletin XRX20J dated June 16,2020
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Please see ELMIC’s statement provided in References. Note that this product is also known as KASAGO TCP/IP.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Afero does not currently use Treck’s TCP/IP stack
There are no additional comments at this time.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Apple products are not impacted by this issue.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-08-27 Updated: 2020-06-25
Statement Date: August 27, 2020
CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Check Point is not vulnerable to the Ripple20 vulnerabilities as we don’t use Treck IP stack.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Please reference the Dell Security Notice link provided in the references section.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
IBM has found no impact to these vulnerabilities
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
LANCOM Systems products are not vulnerable to these vulnerabilities. Further information can be found on our website https://www.lancom-systems.de/service-support/soforthilfe/allgemeine-sicherheitshinweise/
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Please refer to the Medtronic Security Bulletin linked in the references section below.
Updated: 2020-07-30 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
NVIDIA is not affected by these vulnerabilities.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Philips analysis revealed that we have one product vulnerable to Treck TCP/IP stack vulnerability, however, it is not yet released to the market.
Notified: 2020-10-06 Updated: 2020-10-08
Statement Date: October 08, 2020
CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
The products of QNAP does not include IP stacks from Treck embedded software.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Sierra Wireless Inc. products are not affected by this vulnerability.
Notified: 2020-05-07 Updated: 2021-02-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Sonicwall has mentioned that Treck stack is not in use in their SonicOS https://community.sonicwall.com/technology-and-support/discussion/931/about-ripple20
Notified: 2020-06-17 Updated: 2020-06-25
Statement Date: June 18, 2020
CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Please see Synology advisory Synology-SA-20:15
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
This does not apply to Systech. We do not use Treck in any of our products.
There are no additional comments at this time.
Notified: 2020-06-15 Updated: 2020-06-25
Statement Date: June 15, 2020
CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
None of Technicolor products embeds Treck IP software stack. This includes the products transferred in 2015 from acquisition of Cisco Connected Devices Division.
Notified: 2020-05-14 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
The TI Product Security Incident Response Team has conducted an analysis and concluded that TI’s products are not impacted by the potential vulnerabilities reported by Treck Inc. The TI PSIRT could not identify any hardware or software products from TI that make use of or contain the Treck Inc. embedded software TCP/IP stack.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
No statement is currently available from the vendor regarding this vulnerability.
There are no additional comments at this time.
Notified: 2020-07-10 Updated: 2020-06-25
Statement Date: August 17, 2020
CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
Xilinx is not affected by these vulnerabilities.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
With a thorough investigation, Zyxel confirms that their products are NOT affected because they do not use any Treck packages.
Notified: 2020-05-14 Updated: 2021-02-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Broadcom APM is not affected by these vulnerabilities. Broadcom’s reference can be found at https://knowledge.broadcom.com/external/article/194508/apm-impact-of-ripple20-vulnerability.html
Updated: 2020-08-06 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-04 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-08-28 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2021-07-13 Updated: 2022-09-20 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-08-31 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-08-19 Updated: 2020-08-20 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-06-16 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-09-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-09-30 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-09-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-14 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Updated: 2020-07-03 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-14 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
Notified: 2020-05-07 Updated: 2020-06-25 CVE-2020-0594 | Unknown |
---|---|
CVE-2020-0595 | Unknown CVE-2020-0597 |
We have not received a statement from the vendor.
View all 85 vendors __View less vendors __
CVE IDs: | CVE-2020-0594 CVE-2020-0595 CVE-2020-0597 CVE-2020-11896 CVE-2020-11897 CVE-2020-11898 CVE-2020-11899 CVE-2020-11900 CVE-2020-11901 CVE-2020-11902 CVE-2020-11903 CVE-2020-11904 CVE-2020-11905 CVE-2020-11906 CVE-2020-11907 CVE-2020-11908 CVE-2020-11909 CVE-2020-11910 CVE-2020-11911 CVE-2020-11912 CVE-2020-11913 CVE-2020-11914 CVE-2020-8674 |
---|---|
API URL: | VINCE JSON |
Date Public: | 2020-06-16 Date First Published: |
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.054 Low
EPSS
Percentile
93.2%