CVE-2020-11897
Description
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2020-11897 is an out-of-bounds write in the Treck TCP/IP stack (versions before 5.0.1.35) triggered by multiple malformed IPv6 packets, allowing remote code execution.
Vulnerability
CVE-2020-11897 is an out-of-bounds write vulnerability in the Treck TCP/IP stack versions before 5.0.1.35. The flaw resides in the IPv6 packet parsing logic and can be triggered by sending multiple malformed IPv6 packets to an affected device [1][2]. Embedded systems from vendors like Dell and Cisco that integrate the Treck stack are potentially affected [3][4].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a sequence of specially crafted IPv6 packets to a target device running a vulnerable Treck IP stack [1][2]. No prior authentication or network access beyond the ability to send IPv6 packets is required. The attacker does not need user interaction; the exploit occurs entirely over the network [1][2].
Impact
Successful exploitation leads to an out-of-bounds write, which could allow an attacker to cause a denial of service, disclose sensitive information, or achieve remote code execution [1][2]. The exact impact depends on the specific embedded system configuration and the memory protections in place [1][2]. In worst-case scenarios, an attacker might gain full control of the device [1][2].
Mitigation
Treck has released updated versions of the IP stack (6.0.1.67 or later) that address this vulnerability [1][2]. Downstream users should contact their embedded system vendor for patched firmware. Cisco has published fixed releases for affected products [4], and Dell has issued advisories for affected client platforms and Teradici firmware [3]. As of the publication date (June 2020), no workaround has been released that fully mitigates the risk other than applying updates [1][2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Treck/TCP/IP stack (description)
  - Range: <5.0.1.35
Patches
No patches discovered yet.
References
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC (mitre, vendor-advisory, x_refsource_CISCO)
- www.kb.cert.org/vuls/id/257161 (mitre, third-party-advisory, x_refsource_CERT-VN)
- www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt (mitre, x_refsource_CONFIRM)
- jsof-tech.com/vulnerability-disclosure-policy/ (mitre, x_refsource_MISC)
- www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities (mitre, x_refsource_MISC)
- www.jsof-tech.com/ripple20/ (mitre, x_refsource_MISC)
- www.kb.cert.org/vuls/id/257161/ (mitre, x_refsource_MISC)
- www.treck.com (mitre, x_refsource_MISC)