CVE-2020-11911
Description
The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper ICMPv4 access control in Treck TCP/IP stack before 6.0.1.66 allows remote unauthenticated attackers to cause denial of service, information disclosure, or code execution.
Vulnerability
The Treck TCP/IP stack before version 6.0.1.66 contains an improper ICMPv4 access control vulnerability (CVE-2020-11911). This issue arises due to insufficient validation of ICMPv4 packets, allowing an attacker to bypass intended access restrictions. The vulnerability is present in the Treck IP stack, which is widely used in embedded systems, including those from vendors such as Dell and Cisco [1].
Exploitation
An attacker can exploit this vulnerability by sending specially crafted ICMPv4 packets to a vulnerable device. No authentication is required, and the attacker only needs network access to the target. The attack can be performed remotely over the network without user interaction [1].
Impact
Successful exploitation could lead to denial of service, information disclosure, or arbitrary code execution. The exact impact depends on the specific implementation and configuration of the Treck stack in the affected device. In many cases, a remote unauthenticated attacker could gain full control of the device [1][4].
Mitigation
Treck has released version 6.0.1.67 to address this vulnerability. Users should update to the latest stable version. Additional mitigations include blocking anomalous IP traffic via deep packet inspection and ensuring that firewalls drop malformed packets. Vendors such as Dell and Cisco have provided updates for their affected products [1][3][4].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Treck/TCP/IP stackdescription
- Range: <6.0.1.66
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyCmitrevendor-advisoryx_refsource_CISCO
- www.kb.cert.org/vuls/id/257161mitrethird-party-advisoryx_refsource_CERT-VN
- www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txtmitrex_refsource_CONFIRM
- jsof-tech.com/vulnerability-disclosure-policy/mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20200625-0006/mitrex_refsource_CONFIRM
- support.hpe.com/hpesc/public/docDisplaymitrex_refsource_MISC
- www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilitiesmitrex_refsource_MISC
- www.jsof-tech.com/ripple20/mitrex_refsource_MISC
- www.kb.cert.org/vuls/id/257161/mitrex_refsource_MISC
- www.treck.commitrex_refsource_MISC
News mentions
0No linked articles in our index yet.