Vulnerability Name:

CVE-2020-13988 (CCN-192753)

Assigned: 2020-12-08
Published: 2020-12-08
Updated: 2020-12-16
Summary: An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-190
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2020-13988

Source: CCN
Type: US-CERT VU#815128
Embedded TCP/IP stacks have memory corruption vulnerabilities

Source: CCN
Type: Siemens Security Advisory SSA-541017
Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC Devices

Source: XF
Type: UNKNOWN
tcpipstacks-cve202013988-dos(192753)

Source: CCN
Type: uip GIT Repository
uIP

Source: CCN
Type: contiki GIT Repository
The Contiki Operating System

Source: CCN
Type: open-iscsi GIT Repository
open-iscsi

Source: CCN
Type: ICSA-20-343-01
Multiple Embedded TCP/IP Stacks

Source: MISC
Type: Third Party Advisory, US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01

Source: CCN
Type: ICSA-20-343-05
Siemens Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33)

Source: CCN
Type: Forescout Web site
AMNESIA:33

Source: MISC
Type: Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/815128

Source: CCN
Type: Siemens Web site
SENTRON PAC3200, SENTRON PAC4200, SIRIUS 3RW5

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:contiki-ng:contiki-ng:*:*:*:*:*:*:*:* (Version <= 3.0)

* Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7532 | P | iscsiuio-0.7.8.6-150500.44.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:2954 | P | iscsiuio-0.7.8.6-150400.37.6 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94584 | P | iscsiuio-0.7.8.6-150400.37.6 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:85 | P | iscsiuio-0.7.8.6-30.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:102283 | P | Security update for php7 (Important) | 2022-03-15
oval:org.opensuse.security:def:112444 | P | iscsiuio-0.7.8.6-80.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:99437 | P | (Important) | 2021-12-06
oval:org.opensuse.security:def:105950 | P | iscsiuio-0.7.8.6-80.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:1014 | P | iscsiuio-0.7.8.6-30.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71844 | P | iscsiuio-0.7.8.6-30.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:100861 | P | iscsiuio-0.7.8.6-30.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62103 | P | iscsiuio-0.7.8.6-30.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:99636 | P | (Moderate) | 2021-05-26
oval:org.opensuse.security:def:99941 | P | (Moderate) | 2021-05-05
oval:org.opensuse.security:def:9304 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:99043 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:93191 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:96839 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:91898 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:67532 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:10238 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:8559 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:92686 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:69827 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:9488 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:99238 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:95570 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:92093 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:67557 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:8737 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:92885 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:70198 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:9687 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:6443 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:92288 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:69444 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:8932 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:98848 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:93038 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:70378 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:10058 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:6468 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:108949 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:92487 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:69628 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:59595 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:34641 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:125658 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:89250 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:24025 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:59853 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:126826 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:89508 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:33772 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:60464 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:88252 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:127223 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:52013 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:34030 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:5963 | P | Security update for open-iscsi (Important) | 2021-03-01
oval:org.opensuse.security:def:88569 | P | Security update for open-iscsi (Important) | 2021-03-01
    contiki-ng contiki-ng *