Ripple20, 19 Zero-Day Vulnerabilities TCP/IP software library

Topic

New Reply

[Alex5723]

“The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more) and include multiple remote code execution vulnerabilities. The risks inherent in this situation are high. ”

CVE-2020-11896 CVE-2020-11898

https://www.jsof-tech.com/ripple20/

• This topic was modified 4 years, 11 months ago by Alex5723.

Reply | Quote

Replies

These are IoT devices, not Windows.

The vulnerabilities are all listed as fixed at least 3 months ago, but user intervention is probably required to apply the update.

cheers, Paul

1 user thanked author for this post.

Alex5723

Reply | Quote

After reading the documents using the links provided by Alex, I still have no idea if my computers are harboring the potential TCP/IP vulnerability described there, be it in the library of some software installed by me or preinstalled by the OEM. Or even know how to find out by myself. So that neither HP nor Apple are mentioned is small relief, because it does not have to be them who have installed vulnerable software or, if they are, that then knew, or know now, it to be vulnerable and have already passed on the bad news to the writers of those documents.

So, is this a case where either one has an IT department staffed by competent software experts that can do all that is needed to take care of this, or one will be better off by never hearing about any of this?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Windows is not affected.
Some HP printers are affected.
Other manufacturers are listed in the doco.

If you have important IoT devices it is worth checking for firmware updates from the manufacturer.

cheers, Paul

Reply | Quote