ICSA-20-353-01 · Published 2021-01-26
Treck TCP/IP Stack (Update A)
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of this vulnerability may allow remote code execution and a denial-of-service condition.
Remediations
- Treck recommends users apply the latest version of the affected products (Treck TCP/IP 6.0.1.68 or later versions). To obtain patches, email [email protected]
- Treck recommends that users who cannot apply the latest patches implement firewall rules to filter out packets that contain a negative content length in the HTTP header.
- For more detailed information on the vulnerabilities and the mitigating controls, please see the Treck advisory.
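The filtering rule from the second remediation, written as an added example of the check an inspecting proxy or IDS hook could apply to each request before it reaches a device that cannot be patched. This is not code from Treck or CISA; the function name, verdict strings and sample requests are constructed for illustration. It goes slightly beyond the advisory's single case by also rejecting non-numeric and conflicting Content-Length values.

```python
import re

def content_length_verdict(raw: bytes) -> str:
    """Classify one HTTP request by its Content-Length header(s).

    Returns 'allow', 'drop-negative', 'drop-malformed' or 'drop-conflict'.
    """
    # Only the header block matters; the body may contain anything.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    values = []
    for line in re.split(rb"\r?\n", head)[1:]:  # [1:] skips the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            values.append(value.strip())
    if not values:
        return "allow"
    # The case named in the advisory: a minus sign in front of the length.
    if any(v.startswith(b"-") for v in values):
        return "drop-negative"
    # Anything that is not a plain run of ASCII digits ('+4', '0x10', '').
    if any(not v.isdigit() for v in values):
        return "drop-malformed"
    # Repeated headers that disagree leave the effective length ambiguous.
    if len({v.lstrip(b"0") or b"0" for v in values}) > 1:
        return "drop-conflict"
    return "allow"

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"POST /cfg HTTP/1.1\r\nHost: dev\r\nContent-Length: 4\r\n\r\nabcd",
    "negative": b"POST /cfg HTTP/1.1\r\nHost: dev\r\ncontent-length:  -1\r\n\r\n",
    "no_body": b"GET / HTTP/1.1\r\nHost: dev\r\n\r\n",
    "signed": b"POST /cfg HTTP/1.1\r\nContent-Length: +4\r\n\r\nabcd",
    "conflict": b"POST /cfg HTTP/1.1\r\nContent-Length: 4\r\nContent-Length: 9\r\n\r\nabcd",
    "body_only": b"POST /cfg HTTP/1.1\r\nContent-Length: 18\r\n\r\nContent-Length: -1",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label:10s} {content_length_verdict(request)}")
```

The header name is matched case-insensitively and only the header block is inspected, so a body that merely contains the text `Content-Length: -1` is not dropped.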
Affected Vendors
Treck Inc
Affected Products (3)
- Treck Inc · TCP/IP stack IPv6 · <= 6.0.1.67
- Treck Inc · TCP/IP stack HTTP Server · <= 6.0.1.67
- Treck Inc · TCP/IP stack DHCPv6 · <= 6.0.1.67
Affected Sectors
Critical Manufacturing, Information Technology, Healthcare and Public Health, Transportation Systems