https://www.treck.com

https://jsof-tech.com/vulnerability-disclosure-policy/

https://www.jsof-tech.com/ripple20/

https://www.kb.cert.org/vuls/id/257161/

20200617 Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt

https://security.netapp.com/advisory/ntap-20200625-0006/

https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf

VU#257161

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04012en_us

https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities

The version of ArubaOS-Switch installed on the remote host is affected by multiple vulnerabilities in the Treck IP stack implementation. The vulnerabilities are collectively known as Ripple20, and can result in remote code execution, denial of service (DoS), and information disclosure by remote, unauthenticated attackers.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Multiple security vulnerabilities have been identified in Integrated Lights-Out firmware generation 3 (iLO 3) prior to version 1.93, generation 4 (iLO 4) prior to version 2.75, and generation 5 (iLO 5) prior to version 2.18. Superdome generation 4 versions prior to 1.64 and Moonshot/Edgeline generation 5 versions prior to 2.30 are also vulnerable. The vulnerabilities could be remotely exploited to execute code, cause denial of service, and expose sensitive information.

Note: These vulnerabilities are collectively named Ripple20. iLO 3, iLO4, and iLO 5 are only exposed to a portion of the Ripple20 vulnerabilities.

According to its self-reported version, Cisco ASR and Virtual Packet Core StarOS software is affected by multiple vulnerabilities in the Treck IP stack implementation. The vulnerabilities are collectively known as Ripple20, and can result in remote code execution, denial of service (DoS), and information disclosure by remote, unauthenticated attackers.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

This plugin detects the usage of the Treck TCP/IP stack by the host thereby indicating that it could be potentially vulnerable to the Ripple20 vulnerabilities. Patches are being slowly rolled out by vendors and we will release plugins for patches as they are released by the vendors. In the interim, if you have applied the patches from the vendor for the Ripple20 vulnerabilities on this host, please recast the severity of this plugin.

Note: This plugin requires ICMP traffic to be unblocked between the scanner and the host

ID	Name	Product	Family	Severity
151188	ArubaOS-Switch Ripple20 Multiple Vulnerabilities (ARUBA-PSA-2020-006)	Nessus	Misc.	critical
140770	HP iLO 3 < 1.93 / HP iLO 4 < 2.75 / HP iLO Superdome 4 < 1.64 / HP iLO 5 < 2.18 / HP Moonshot/Edgeline iLO 5 < 2.30 Ripple20 Multiple vulnerabilities	Nessus	CGI abuses	critical
139545	Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020 (cisco-sa-treck-ip-stack-JyBQ5GyC)	Nessus	CISCO	critical
137702	Treck TCP/IP stack multiple vulnerabilities. (Ripple20)	Nessus	Misc.	critical

CVE-2020-11896

critical

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

critical