ID

VAR-202012-0245


CVE

CVE-2020-17437


TITLE

Embedded TCP/IP stacks have memory corruption vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#815128

DESCRIPTION

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c. Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also tracked as ICS-VU-633937 and JVNVU#96491057 as well as the name AMNESIA:33.CVE-2020-13984 Not Affected CVE-2020-13985 Affected CVE-2020-13986 Affected CVE-2020-13987 Affected CVE-2020-13988 Affected CVE-2020-17437 Affected CVE-2020-17438 Affected CVE-2020-17439 Affected CVE-2020-17440 Affected CVE-2020-17441 Not Affected CVE-2020-17442 Not Affected CVE-2020-17443 Not Affected CVE-2020-17444 Not Affected CVE-2020-17445 Not Affected CVE-2020-17467 Not Affected CVE-2020-17468 Not Affected CVE-2020-17469 Not Affected CVE-2020-17470 Not Affected CVE-2020-24334 Affected CVE-2020-24335 Not Affected CVE-2020-24336 Affected CVE-2020-24337 Not Affected CVE-2020-24338 Not Affected CVE-2020-24339 Not Affected CVE-2020-24340 Not Affected CVE-2020-24341 Not Affected CVE-2020-24383 Not Affected CVE-2020-25107 Not Affected CVE-2020-25108 Not Affected CVE-2020-25109 Not Affected CVE-2020-25110 Not Affected CVE-2020-25111 Not Affected CVE-2020-25112 Not Affected CVE-2021-28362 Not AffectedCVE-2020-13984 Not Affected CVE-2020-13985 Affected CVE-2020-13986 Affected CVE-2020-13987 Affected CVE-2020-13988 Affected CVE-2020-17437 Affected CVE-2020-17438 Affected CVE-2020-17439 Affected CVE-2020-17440 Affected CVE-2020-17441 Not Affected CVE-2020-17442 Not Affected CVE-2020-17443 Not Affected CVE-2020-17444 Not Affected CVE-2020-17445 Not Affected CVE-2020-17467 Not Affected CVE-2020-17468 Not Affected CVE-2020-17469 Not Affected CVE-2020-17470 Not Affected CVE-2020-24334 Affected CVE-2020-24335 Not Affected CVE-2020-24336 Affected CVE-2020-24337 Not Affected CVE-2020-24338 Not Affected CVE-2020-24339 Not Affected CVE-2020-24340 Not Affected CVE-2020-24341 Not Affected CVE-2020-24383 Not Affected CVE-2020-25107 Not Affected CVE-2020-25108 Not Affected CVE-2020-25109 Not Affected CVE-2020-25110 Not Affected CVE-2020-25111 Not Affected CVE-2020-25112 Not Affected CVE-2021-28362 Not Affected. Multiple Embedded TCP/IP is an efficient embedded stack developed using a verifiable process and strictly compliant with MISRA coding standards. ========================================================================= Ubuntu Security Notice USN-6259-1 July 27, 2023 open-iscsi vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in Open-iSCSI. Software Description: - open-iscsi: Open Source iSCSI implementation Details: Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-13987) Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI incorrectly handled certain parsing TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior. (CVE-2020-13988) Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI incorrectly handled certain TCP data. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-17437) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: open-iscsi 2.0.874-7.1ubuntu6.4 Ubuntu 18.04 LTS (Available with Ubuntu Pro): open-iscsi 2.0.874-5ubuntu2.11+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6259-1 CVE-2020-13987, CVE-2020-13988, CVE-2020-17437 Package Information: https://launchpad.net/ubuntu/+source/open-iscsi/2.0.874-7.1ubuntu6.4

Trust: 2.34

sources: NVD: CVE-2020-17437 // CERT/CC: VU#815128 // CNNVD: CNNVD-202012-664 // VULMON: CVE-2020-17437 // PACKETSTORM: 173799

AFFECTED PRODUCTS

vendor:siemensmodel:sentron 3va dsp800scope:ltversion:4.0

Trust: 1.0

vendor:siemensmodel:sentron pac3200scope:ltversion:2.4.7

Trust: 1.0

vendor:siemensmodel:sentron pac2200 clpscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:sentron pac2200scope:ltversion:3.2.2

Trust: 1.0

vendor:siemensmodel:sentron 3va com800scope:ltversion:4.4.1

Trust: 1.0

vendor:siemensmodel:sentron pac3220scope:ltversion:3.2.0

Trust: 1.0

vendor:uipmodel:uipscope:lteversion:1.0

Trust: 1.0

vendor:open iscsimodel:open-iscsiscope:lteversion:2.1.7

Trust: 1.0

vendor:siemensmodel:sentron 3va com100scope:ltversion:4.4.1

Trust: 1.0

vendor:siemensmodel:sentron pac4200scope:ltversion:2.3.0

Trust: 1.0

vendor:siemensmodel:sentron pac3200tscope:ltversion:3.2.2

Trust: 1.0

sources: NVD: CVE-2020-17437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-17437
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202012-664
value: HIGH

Trust: 0.6

VULMON: CVE-2020-17437
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-17437
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2020-17437
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2020-17437 // CNNVD: CNNVD-202012-664 // NVD: CVE-2020-17437

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2020-17437

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-664

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202012-664

PATCH

title:uIP-Contiki-OS and uIP Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136802

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=6f577a90958bcf377827f0a4058f673f

Trust: 0.1

title:Brocade Security Advisories: Access Denied Access Deniedurl:https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=54887b0d314c8021dc2d190abfce740d

Trust: 0.1

sources: VULMON: CVE-2020-17437 // CNNVD: CNNVD-202012-664

EXTERNAL IDS

db:NVDid:CVE-2020-17437

Trust: 2.6

db:CERT/CCid:VU#815128

Trust: 2.5

db:ICS CERTid:ICSA-20-343-01

Trust: 1.7

db:SIEMENSid:SSA-541018

Trust: 1.7

db:ICS CERTid:ICSA-21-068-06

Trust: 0.7

db:AUSCERTid:ESB-2021.0767

Trust: 0.6

db:AUSCERTid:ESB-2022.4143

Trust: 0.6

db:AUSCERTid:ESB-2021.1235

Trust: 0.6

db:AUSCERTid:ESB-2020.4363

Trust: 0.6

db:CS-HELPid:SB2021122914

Trust: 0.6

db:CNNVDid:CNNVD-202012-664

Trust: 0.6

db:VULMONid:CVE-2020-17437

Trust: 0.1

db:PACKETSTORMid:173799

Trust: 0.1

sources: CERT/CC: VU#815128 // VULMON: CVE-2020-17437 // PACKETSTORM: 173799 // CNNVD: CNNVD-202012-664 // NVD: CVE-2020-17437

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01

Trust: 2.3

url:https://www.kb.cert.org/vuls/id/815128

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf

Trust: 1.7

url:cve-2020-13984

Trust: 0.8

url:cve-2020-13985

Trust: 0.8

url:cve-2020-13986

Trust: 0.8

url:cve-2020-13987

Trust: 0.8

url:cve-2020-13988

Trust: 0.8

url:cve-2020-17437

Trust: 0.8

url:cve-2020-17438

Trust: 0.8

url:cve-2020-17439

Trust: 0.8

url:cve-2020-17440

Trust: 0.8

url:cve-2020-17441

Trust: 0.8

url:cve-2020-17442

Trust: 0.8

url:cve-2020-17443

Trust: 0.8

url:cve-2020-17444

Trust: 0.8

url:cve-2020-17445

Trust: 0.8

url:cve-2020-17467

Trust: 0.8

url:cve-2020-17468

Trust: 0.8

url:cve-2020-17469

Trust: 0.8

url:cve-2020-17470

Trust: 0.8

url:cve-2020-24334

Trust: 0.8

url:cve-2020-24335

Trust: 0.8

url:cve-2020-24336

Trust: 0.8

url:cve-2020-24337

Trust: 0.8

url:cve-2020-24338

Trust: 0.8

url:cve-2020-24339

Trust: 0.8

url:cve-2020-24340

Trust: 0.8

url:cve-2020-24341

Trust: 0.8

url:cve-2020-24383

Trust: 0.8

url:cve-2020-25107

Trust: 0.8

url:cve-2020-25108

Trust: 0.8

url:cve-2020-25109

Trust: 0.8

url:cve-2020-25110

Trust: 0.8

url:cve-2020-25111

Trust: 0.8

url:cve-2020-25112

Trust: 0.8

url:cve-2021-28362

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-17437

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2021.1235

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4143

Trust: 0.6

url:https://vigilance.fr/vulnerability/uip-out-of-bounds-memory-reading-via-uip-process-34721

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122914

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0767

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4363/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-068-06

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-068-06

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13988

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13987

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6259-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/open-iscsi/2.0.874-7.1ubuntu6.4

Trust: 0.1

sources: CERT/CC: VU#815128 // VULMON: CVE-2020-17437 // PACKETSTORM: 173799 // CNNVD: CNNVD-202012-664 // NVD: CVE-2020-17437

CREDITS

This document was written by Vijay Sarvepalli.Statement Date:   December 08, 2020

Trust: 0.8

sources: CERT/CC: VU#815128

SOURCES

db:CERT/CCid:VU#815128
db:VULMONid:CVE-2020-17437
db:PACKETSTORMid:173799
db:CNNVDid:CNNVD-202012-664
db:NVDid:CVE-2020-17437

LAST UPDATE DATE

2024-11-23T21:19:32.409000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#815128date:2021-05-11T00:00:00
db:VULMONid:CVE-2020-17437date:2022-08-08T00:00:00
db:CNNVDid:CNNVD-202012-664date:2022-08-24T00:00:00
db:NVDid:CVE-2020-17437date:2024-11-21T05:08:06.540

SOURCES RELEASE DATE

db:CERT/CCid:VU#815128date:2020-12-08T00:00:00
db:VULMONid:CVE-2020-17437date:2020-12-11T00:00:00
db:PACKETSTORMid:173799date:2023-07-27T14:33:18
db:CNNVDid:CNNVD-202012-664date:2020-12-08T00:00:00
db:NVDid:CVE-2020-17437date:2020-12-11T23:15:12.683