Unrated severity · NVD Advisory · Published Jun 17, 2020 · Updated Aug 4, 2024

CVE-2020-11901

Description

The Treck TCP/IP stack before 6.0.1.66 allows remote code execution via a single invalid DNS response.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A single malformed DNS response can achieve remote code execution on devices using the Treck TCP/IP stack before 6.0.1.66.

Vulnerability

CVE-2020-11901 is a remote code execution vulnerability in the Treck TCP/IP stack versions prior to 6.0.1.66 [1]. The bug is triggered by processing a single invalid DNS response, which causes memory corruption that can be exploited for arbitrary code execution [1]. The vulnerability resides in the DNS response parsing logic of the Treck stack and is reachable when the affected device performs DNS resolution [1].

Exploitation

An unauthenticated, remote attacker can send a specially crafted DNS response to a vulnerable device that performs DNS lookups [1]. No prior authentication or special network position is required, as the attacker only needs to deliver a malicious DNS reply to the target [1]. The exploitation step is a single malformed DNS response [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code on the target device with the privileges of the Treck stack process [1]. This can lead to full compromise of the device, including data disclosure, denial of service, or further lateral movement depending on the device's role in the network [1].

Mitigation

Treck has released version 6.0.1.67 (and later) of the IP stack to address this vulnerability [1]. Vendors that use the Treck stack, such as Cisco and Dell, have issued advisories and patches for affected products [2][3][4]. Users should update to the latest patched version provided by their device vendor or apply network-level mitigations such as deep packet inspection to block malformed DNS responses [1][2][4].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
