MidnightBSD

Advisories for treck

CVE-2020-10136 MEDIUM

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,CWE-290,

Products Affected

Vendor Product Version
cisco nx-os 7.1(0)n1(1)
cisco nx-os 6.0(2)u2(4)
cisco nx-os 5.2(1)n1(5)
cisco nx-os 6.0(2)u5(1)
cisco nx-os 7.3(0)d1(1)
cisco nx-os 5.2(1)sk3(2.1a)
cisco nx-os 6.2(22)
cisco nx-os 6.0(2)u2(1)
cisco nx-os 5.2(1)n1(9)
cisco nx-os 7.3(2)n1(1b)
cisco nx-os 6.0(2)u2(6)
cisco nx-os 5.2(1)sv3(4.1)
cisco nx-os 6.0(2)n1(1a)
cisco nx-os 7.3(7)n1(1a)
cisco nx-os 6.0(2)u1(1)
cisco nx-os 6.1(2)i1(2)
cisco nx-os 6.2(6b)
cisco nx-os 6.0(2)a1(1f)
cisco nx-os 7.0(8)n1(1a)
cisco nx-os 5.0(3)u5(1f)
treck tcp/ip *
cisco nx-os 6.0(2)a4(5)
cisco nx-os 7.0(3)i1(1b)
cisco nx-os 6.1(2)i3(3a)
cisco nx-os 7.3(0)dx(1)
cisco nx-os 7.1(3)n1(2a)
cisco nx-os 5.0(3)u1(1b)
hp x3220nr_firmware *
cisco nx-os 7.1(3)n1(4)
cisco nx-os 7.3(0)n1(1b)
cisco nx-os 7.3(1)d1(1)
cisco nx-os 6.0(2)a3(1)
cisco nx-os 6.2(20)
cisco nx-os 6.0(2)u1(1a)
cisco nx-os 5.2(1)n1(1)
cisco nx-os 5.2(1)sm1(5.2a)
cisco nx-os 6.1(2)i2(1)
cisco nx-os 6.0(2)a3(2)
cisco nx-os 7.1(1)n1(1a)
cisco nx-os 6.1(2)i1(3)
cisco nx-os 7.2(2)d1(2)
cisco nx-os 7.1(2)n1(1)
cisco nx-os 5.2(1)sv3(4.1b)
cisco nx-os 7.0(5)n1(1)
cisco nx-os 6.0(2)a1(1b)
cisco nx-os 7.1(3)n1(2)
cisco nx-os 5.2(1)n1(9b)
cisco nx-os 6.2(14a)
cisco nx-os 7.3(4)n1(1a)
cisco nx-os 5.0(3)u3(2a)
cisco nx-os 6.2(24)
cisco nx-os 7.2(1)n1(1)
cisco nx-os 7.0(4)n1(1)
cisco nx-os 5.2(1)sm3(1.1a)
cisco nx-os 5.2(1)sv3(2.5)
cisco nx-os 7.1(3)n1(1)
cisco nx-os 5.0(3)u1(2a)
cisco nx-os 7.0(3)n1(1)
cisco nx-os 5.2(1)n1(3)
cisco nx-os 6.2(10)
cisco nx-os 7.2(2)d1(3)
cisco nx-os 5.2(7)
cisco nx-os 7.3(5)d1(1)
cisco nx-os 6.2(14b)
cisco nx-os 5.2(1)sv3(3.1)
cisco nx-os 5.2(1)sv3(4.1a)
cisco nx-os 6.1(2)i3(3)
cisco nx-os 5.2(1)sv3(2.8)
cisco nx-os 6.0(2)u4(2)
cisco nx-os 6.2(20a)
cisco nx-os 6.2(12)
cisco nx-os 5.2(1)sm3(1.1b)
cisco nx-os 6.0(2)u4(1)
cisco nx-os 5.2(1)sv3(1.1)
cisco nx-os 6.0(2)n2(3)
cisco nx-os 7.0(6)n1(1)
cisco nx-os 6.0(2)a4(3)
cisco nx-os 7.3(0)n1(1)
cisco nx-os 5.0(3)u2(2c)
cisco nx-os 5.0(3)u5(1g)
cisco nx-os 5.0(3)u2(2)
cisco nx-os 5.2(1)sv3(1.5a)
cisco nx-os 7.0(4)n1(1a)
cisco nx-os 5.0(3)u2(2a)
cisco nx-os 6.2(8b)
cisco nx-os 5.2(9)
cisco nx-os 7.3(5)n1(1)
cisco nx-os 7.0(7)n1(1b)
cisco nx-os 6.2(16)
cisco nx-os 5.2(5)
cisco nx-os 7.3(2)n1(1c)
cisco nx-os 6.0(2)a3(4)
cisco nx-os 5.2(3)
cisco nx-os 7.3(7)n1(1)
cisco nx-os 7.0(8)n1(1)
cisco nx-os 6.0(2)a1(1c)
cisco nx-os 5.2(1)sm1(5.2b)
cisco nx-os 5.2(1)sm3(2.1)
cisco nx-os 6.1(2)i2(3)
cisco nx-os 7.0(6)n1(2s)
cisco nx-os 7.1(4)n1(1d)
cisco nx-os 5.2(1)n1(6)
cisco nx-os 6.0(2)u2(4.92.4z)
cisco nx-os 6.0(2)n2(2)
cisco nx-os 7.3(6)d1(1)
cisco nx-os 5.2(1)sm3(1.1)
cisco nx-os 5.0(3)a1(2a)
cisco nx-os 7.1(0)n1(1b)
cisco nx-os 7.1(2)n1(1a)
cisco nx-os 5.2(1)sv3(3.15)
cisco nx-os 7.1(5)n1(1)
cisco nx-os 6.1(2)i3(2)
cisco nx-os 5.2(1)n1(2)
digi saros *
cisco nx-os 5.0(3)u5(1b)
cisco nx-os 6.0(2)a4(4)
cisco nx-os 7.3(2)n1(1)
cisco nx-os 5.2(1)sm3(1.1c)
cisco nx-os 6.0(2)n2(5a)
cisco nx-os 6.0(2)u3(3)
cisco nx-os 7.1(1)n1(1)
cisco nx-os 5.0(3)u2(2d)
cisco nx-os 5.2(1)sk3(2.2b)
cisco nx-os 5.2(1)sv3(1.5b)
cisco nx-os 6.2(18)
cisco nx-os 5.2(1)sk3(1.1)
cisco nx-os 7.0(6)n1(3s)
cisco nx-os 7.3(2)d1(2)
cisco nx-os 6.0(2)a1(2d)
cisco nx-os 7.3(3)n1(1)
cisco nx-os 6.1(2)i3(1)
cisco nx-os 5.0(3)u1(1d)
cisco nx-os 6.1(2)i2(2)
cisco nx-os 7.0(3)i1(1a)
cisco nx-os 5.0(3)u3(2)
cisco nx-os 5.2(1)n1(2a)
cisco nx-os 7.3(2)d1(1d)
cisco nx-os 7.3(6)n1(1)
cisco nx-os 6.0(2)n1(2)
cisco ucs_manager 3.2(3n)a
cisco nx-os 7.3(4)d1(1)
cisco nx-os 5.0(3)u5(1c)
cisco nx-os 5.0(3)u5(1)
cisco nx-os 6.0(2)u3(8)
cisco nx-os 6.0(2)u2(3)
cisco nx-os 6.2(6)
cisco nx-os 6.2(14)
cisco nx-os 7.3(2)d1(1)
cisco nx-os 6.1(2)i2(2a)
cisco nx-os 7.1(4)n1(1)
cisco nx-os 5.0(3)u1(1c)
cisco nx-os 6.1(2)i2(2b)
cisco nx-os 5.0(3)u5(1i)
cisco nx-os 7.1(4)n1(1c)
cisco nx-os 5.2(1)sv5(1.2)
cisco nx-os 5.2(1)n1(9a)
cisco nx-os 7.3(6)n1(1a)
cisco nx-os 7.3(4)n1(1)
cisco unified_computing_system -
cisco nx-os 6.0(2)u3(6)
cisco nx-os 7.3(1)n1(1)
cisco nx-os 6.0(2)n1(2a)
cisco nx-os 7.0(1)n1(1)
cisco nx-os 6.2(8a)
cisco nx-os 7.1(5)n1(1b)
cisco nx-os 6.0(2)a1(1d)
cisco nx-os 6.0(2)n2(1b)
cisco nx-os 5.2(1)sm1(5.2c)
cisco nx-os 5.0(3)u5(1d)
cisco nx-os 7.0(3)i1(1)
cisco nx-os 5.0(3)u5(1j)
cisco nx-os 5.2(1)n1(1b)
cisco nx-os 5.2(1)sv3(1.10)
cisco nx-os 5.0(3)u2(2b)
cisco nx-os 5.0(3)u1(2)
cisco nx-os 6.0(2)n2(1)
cisco nx-os 5.2(1)n1(4)
cisco nx-os 5.2(1)sk3(2.1)
cisco nx-os 7.1(3)n1(3)
cisco nx-os 5.2(1)sm1(5.1)
cisco nx-os 5.0(3)a1(1)
cisco nx-os 7.1(0)n1(1a)
cisco nx-os 7.1(4)n1(1a)
cisco nx-os 7.0(3)i1(1z)
cisco nx-os 5.2(1)sv3(1.2)
cisco nx-os 6.2(2)
cisco nx-os 7.2(0)d1(1)
cisco nx-os 6.0(2)u2(2)
cisco nx-os 5.0(3)u5(1h)
cisco nx-os 5.0(3)u4(1)
cisco nx-os 7.0(6)n1(4s)
cisco nx-os 5.2(1)sv5(1.3)
cisco nx-os 6.0(2)u3(1)
cisco nx-os 6.0(2)u4(4)
cisco nx-os 5.2(1)sv3(2.1)
cisco nx-os 6.0(2)u3(9)
cisco nx-os 7.2(2)d1(1)
cisco nx-os 6.0(2)u1(3)
cisco nx-os 7.3(2)d1(3)
cisco nx-os 6.0(2)a4(1)
cisco nx-os 5.0(3)u5(1e)
cisco nx-os 5.2(1)sv3(1.15)
cisco nx-os 5.2(4)
cisco nx-os 6.0(2)n2(4)
cisco nx-os 6.0(2)u4(3)
cisco nx-os 5.2(3a)
cisco nx-os 6.0(2)u1(4)
cisco nx-os 5.2(9a)
cisco nx-os 6.0(2)a4(6)
cisco nx-os 5.0(3)u1(1)
cisco nx-os 6.0(2)u3(4)
cisco nx-os 6.0(2)u3(2)
cisco nx-os 6.0(2)u2(5)
cisco nx-os 6.0(2)n2(5)
cisco nx-os 6.2(8)
cisco nx-os 5.2(1)sv3(1.6)
cisco nx-os 6.0(2)a1(1e)
cisco nx-os 5.2(1)n1(8b)
cisco nx-os 7.0(7)n1(1a)
cisco nx-os 5.2(1)n1(8a)
cisco nx-os 6.2(2a)
cisco nx-os 7.0(0)n1(1)
cisco nx-os 5.0(3)u1(1a)
cisco nx-os 7.3(0)n1(1a)
cisco nx-os 5.2(1)
cisco nx-os 5.2(1)sk3(2.2)
cisco nx-os 7.0(5)n1(1a)
cisco nx-os 6.0(2)u1(2)
cisco nx-os 6.0(2)a1(1)
cisco nx-os 6.0(2)u3(7)
cisco nx-os 7.2(2)d1(4)
cisco nx-os 5.2(1)n1(7)
cisco nx-os 7.0(7)n1(1)
cisco nx-os 7.3(3)d1(1)
cisco nx-os 6.0(2)n2(5b)
cisco nx-os 6.0(2)u3(5)
cisco nx-os 5.2(1)sv5(1.1)
cisco nx-os 5.0(3)u5(1a)
cisco nx-os 5.0(3)a1(2)
cisco nx-os 6.0(2)n1(1)
cisco nx-os 7.0(2)n1(1)
cisco nx-os 6.0(2)n2(6)
cisco nx-os 5.2(1)n1(8)
cisco nx-os 6.0(2)a4(2)
cisco nx-os 5.2(1)sv3(1.4)
cisco nx-os 6.2(6a)
cisco nx-os 7.1(3)n1(5)
cisco nx-os 5.0(3)u3(2b)
cisco nx-os 5.2(1)sv3(1.3)
cisco nx-os 5.0(3)u3(1)
cisco nx-os 5.2(1)n1(1a)
cisco nx-os 7.2(1)d1(1)
cisco nx-os 6.0(2)n2(7)
cisco nx-os 6.0(2)a1(1a)
cisco nx-os 5.0(3)u2(1)
cisco nx-os 7.3(2)d1(3a)
cisco nx-os 5.2(1)sv3(1.4b)
cisco nx-os 5.2(1)sm1(5.2)
CVE-2020-11896 HIGH

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11897 HIGH

The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11898 MEDIUM

The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11899 MEDIUM

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
dell wyse_7030_firmware -
dell wyse_5030_firmware -
dell wyse_5050_all-in-one_firmware -
treck tcp/ip *
CVE-2020-11900 MEDIUM

The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11901 HIGH

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-131,CWE-330,CWE-787,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11902 HIGH

The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11903 LOW

The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11904 HIGH

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-787,CWE-190,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11905 LOW

The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11906 MEDIUM

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11907 MEDIUM

The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11908 LOW

The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11909 MEDIUM

The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,CWE-191,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11910 MEDIUM

The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11911 MEDIUM

The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11912 LOW

The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11913 MEDIUM

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-11914 LOW

The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-25066 HIGH

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
treck tcp/ip *
CVE-2020-27336 MEDIUM

An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
cve@mitre.org 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-125,CWE-125,

Products Affected

Vendor Product Version
treck ipv6 *
CVE-2020-27337 HIGH

An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-787,CWE-787,

Products Affected

Vendor Product Version
treck ipv6 *
CVE-2020-27338 MEDIUM

An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 client component allows an unauthenticated remote attacker to cause an Out of Bounds Read, and possibly a Denial of Service via adjacent network access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.9 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 1.6 4.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-125,

Products Affected

Vendor Product Version
treck ipv6 *