• EXECUTIVE SUMMARY


    • Ripple20 is a collection of 19 CVEs disclosed by JSOF that affect the Treck TCP/IP stack. It has proven to be one of the most widespread sets of vulnerabilities and eludes traditional detection techniques because its many variants are spread across many years of releases. According to JSOF, this series of vulnerabilities affects hundreds of millions of devices and includes multiple remote code execution vulnerabilities, which would allow an attacker to gain complete control over a target device remotely.

    • Given the serious nature of the vulnerabilities and how they would affect our industry partners, Finite State chose to look into CVE-2020-11896 and CVE-2020-11901, the two primary Remote Code Execution (RCE) vulnerabilities presented in the disclosure. They also have the highest CVSS scores of the series. CVSS uses exploitability, scope, and impact metrics to calculate a score between 0 and 10. The two RCE vulnerabilities were ranked as Critical impact, with scores of 10.0 and 9.0 respectively.




















Copyright 2021 Enterprise Guide. All Rights Reserved.