Treck/Kasago Network Stack Detection With IP Option.

info Nessus Plugin ID 138615
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


Attempts to detect the Treck/Kasago network stack.


This plugin leverages one of the Ripple20 vulnerabilities (CVE-2020-11909) to determine if the Treck or Kasago TCP/IP stack is running on the remote host. It can be used for discovery of hosts in the environment that utilize the Treck or Kasago TCP/IP stack.
The plugin cannot determine if the patch for Ripple20 vulnerabilities was applied on the host.

Note that this plugin is based on a script provided by JSOF (

This plugin sends malformed packets to the remote host and looks for a response that could indicate a Treck/Kasago TCP/IP stack.

If the remote host fails to respond, the plugin cannot make a determination.

It's possible that a middle device (i.e., firewall or router) between Nessus and the target detects the malformed packets and does not forward them to the target. In this case, this plugin may not able to detect the Treck/Kasago TCP/IP stack or may produce incorrect results.

For the plugin to function effectively and not be impacted by intermediate devices on the network, the hosts being scanned should be on the same network segment as the scanner.

See Also

Plugin Details

Severity: Info

ID: 138615

File Name: treck_ip_opt7.nbin

Version: 1.12

Type: remote

Published: 7/20/2020

Updated: 7/12/2021

Dependencies: treck_detect.nbin

Configuration: Enable paranoid mode

Vulnerability Information

CPE: x-cpe:/a:treck:tcp_ip

Required KB Items: Settings/ParanoidReport