Details of VAR-202012-0245

ID

VAR-202012-0245

CVE

CVE-2020-17437

TITLE

Embedded TCP/IP stacks have memory corruption vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#815128

DESCRIPTION

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c. Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also tracked as ICS-VU-633937 and JVNVU#96491057 as well as the name AMNESIA:33.CVE-2020-13984 Not Affected CVE-2020-13985 Affected CVE-2020-13986 Affected CVE-2020-13987 Affected CVE-2020-13988 Affected CVE-2020-17437 Affected CVE-2020-17438 Affected CVE-2020-17439 Affected CVE-2020-17440 Affected CVE-2020-17441 Not Affected CVE-2020-17442 Not Affected CVE-2020-17443 Not Affected CVE-2020-17444 Not Affected CVE-2020-17445 Not Affected CVE-2020-17467 Not Affected CVE-2020-17468 Not Affected CVE-2020-17469 Not Affected CVE-2020-17470 Not Affected CVE-2020-24334 Affected CVE-2020-24335 Not Affected CVE-2020-24336 Affected CVE-2020-24337 Not Affected CVE-2020-24338 Not Affected CVE-2020-24339 Not Affected CVE-2020-24340 Not Affected CVE-2020-24341 Not Affected CVE-2020-24383 Not Affected CVE-2020-25107 Not Affected CVE-2020-25108 Not Affected CVE-2020-25109 Not Affected CVE-2020-25110 Not Affected CVE-2020-25111 Not Affected CVE-2020-25112 Not Affected CVE-2021-28362 Not AffectedCVE-2020-13984 Not Affected CVE-2020-13985 Affected CVE-2020-13986 Affected CVE-2020-13987 Affected CVE-2020-13988 Affected CVE-2020-17437 Affected CVE-2020-17438 Affected CVE-2020-17439 Affected CVE-2020-17440 Affected CVE-2020-17441 Not Affected CVE-2020-17442 Not Affected CVE-2020-17443 Not Affected CVE-2020-17444 Not Affected CVE-2020-17445 Not Affected CVE-2020-17467 Not Affected CVE-2020-17468 Not Affected CVE-2020-17469 Not Affected CVE-2020-17470 Not Affected CVE-2020-24334 Affected CVE-2020-24335 Not Affected CVE-2020-24336 Affected CVE-2020-24337 Not Affected CVE-2020-24338 Not Affected CVE-2020-24339 Not Affected CVE-2020-24340 Not Affected CVE-2020-24341 Not Affected CVE-2020-24383 Not Affected CVE-2020-25107 Not Affected CVE-2020-25108 Not Affected CVE-2020-25109 Not Affected CVE-2020-25110 Not Affected CVE-2020-25111 Not Affected CVE-2020-25112 Not Affected CVE-2021-28362 Not Affected. Multiple Embedded TCP/IP is an efficient embedded stack developed using a verifiable process and strictly compliant with MISRA coding standards. ========================================================================= Ubuntu Security Notice USN-6259-1 July 27, 2023 open-iscsi vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in Open-iSCSI. Software Description: - open-iscsi: Open Source iSCSI implementation Details: Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-13987) Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI incorrectly handled certain parsing TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior. (CVE-2020-13988) Amine Amri and Stanislav Dashevskyi discovered that Open-iSCSI incorrectly handled certain TCP data. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-17437) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: open-iscsi 2.0.874-7.1ubuntu6.4 Ubuntu 18.04 LTS (Available with Ubuntu Pro): open-iscsi 2.0.874-5ubuntu2.11+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3.7+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6259-1 CVE-2020-13987, CVE-2020-13988, CVE-2020-17437 Package Information: https://launchpad.net/ubuntu/+source/open-iscsi/2.0.874-7.1ubuntu6.4

Trust: 2.34

sources: NVD: CVE-2020-17437 // CERT/CC: VU#815128 // CNNVD: CNNVD-202012-664 // VULMON: CVE-2020-17437 // PACKETSTORM: 173799

AFFECTED PRODUCTS

vendor:	siemens	model:	sentron pac3200	scope:	lt	version:	2.4.7	Trust: 1.0
vendor:	siemens	model:	sentron pac3220	scope:	lt	version:	3.2.0	Trust: 1.0
vendor:	siemens	model:	sentron 3va com100	scope:	lt	version:	4.4.1	Trust: 1.0
vendor:	open iscsi	model:	open-iscsi	scope:	lte	version:	2.1.7	Trust: 1.0
vendor:	siemens	model:	sentron pac2200	scope:	lt	version:	3.2.2	Trust: 1.0
vendor:	siemens	model:	sentron pac4200	scope:	lt	version:	2.3.0	Trust: 1.0
vendor:	siemens	model:	sentron pac2200 clp	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	sentron pac3200t	scope:	lt	version:	3.2.2	Trust: 1.0
vendor:	uip	model:	uip	scope:	lte	version:	1.0	Trust: 1.0
vendor:	siemens	model:	sentron 3va dsp800	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	sentron 3va com800	scope:	lt	version:	4.4.1	Trust: 1.0

sources: NVD: CVE-2020-17437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-17437
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202012-664
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-17437
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-17437
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2020-17437
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2020-17437 // CNNVD: CNNVD-202012-664 // NVD: CVE-2020-17437

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2020-17437

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-664

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202012-664

PATCH

title:	uIP-Contiki-OS and uIP Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136802	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=6f577a90958bcf377827f0a4058f673f	Trust: 0.1
title:	Brocade Security Advisories: Access Denied Access Denied	url:	https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=54887b0d314c8021dc2d190abfce740d	Trust: 0.1

sources: VULMON: CVE-2020-17437 // CNNVD: CNNVD-202012-664

EXTERNAL IDS

db:	NVD	id:	CVE-2020-17437	Trust: 2.6
db:	CERT/CC	id:	VU#815128	Trust: 2.5
db:	ICS CERT	id:	ICSA-20-343-01	Trust: 1.7
db:	SIEMENS	id:	SSA-541018	Trust: 1.7
db:	ICS CERT	id:	ICSA-21-068-06	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0767	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4143	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1235	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4363	Trust: 0.6
db:	CS-HELP	id:	SB2021122914	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-664	Trust: 0.6
db:	VULMON	id:	CVE-2020-17437	Trust: 0.1
db:	PACKETSTORM	id:	173799	Trust: 0.1

sources: CERT/CC: VU#815128 // VULMON: CVE-2020-17437 // PACKETSTORM: 173799 // CNNVD: CNNVD-202012-664 // NVD: CVE-2020-17437

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01	Trust: 2.3
url:	https://www.kb.cert.org/vuls/id/815128	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf	Trust: 1.7
url:	cve-2020-13984	Trust: 0.8
url:	cve-2020-13985	Trust: 0.8
url:	cve-2020-13986	Trust: 0.8
url:	cve-2020-13987	Trust: 0.8
url:	cve-2020-13988	Trust: 0.8
url:	cve-2020-17437	Trust: 0.8
url:	cve-2020-17438	Trust: 0.8
url:	cve-2020-17439	Trust: 0.8
url:	cve-2020-17440	Trust: 0.8
url:	cve-2020-17441	Trust: 0.8
url:	cve-2020-17442	Trust: 0.8
url:	cve-2020-17443	Trust: 0.8
url:	cve-2020-17444	Trust: 0.8
url:	cve-2020-17445	Trust: 0.8
url:	cve-2020-17467	Trust: 0.8
url:	cve-2020-17468	Trust: 0.8
url:	cve-2020-17469	Trust: 0.8
url:	cve-2020-17470	Trust: 0.8
url:	cve-2020-24334	Trust: 0.8
url:	cve-2020-24335	Trust: 0.8
url:	cve-2020-24336	Trust: 0.8
url:	cve-2020-24337	Trust: 0.8
url:	cve-2020-24338	Trust: 0.8
url:	cve-2020-24339	Trust: 0.8
url:	cve-2020-24340	Trust: 0.8
url:	cve-2020-24341	Trust: 0.8
url:	cve-2020-24383	Trust: 0.8
url:	cve-2020-25107	Trust: 0.8
url:	cve-2020-25108	Trust: 0.8
url:	cve-2020-25109	Trust: 0.8
url:	cve-2020-25110	Trust: 0.8
url:	cve-2020-25111	Trust: 0.8
url:	cve-2020-25112	Trust: 0.8
url:	cve-2021-28362	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17437	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2021.1235	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4143	Trust: 0.6
url:	https://vigilance.fr/vulnerability/uip-out-of-bounds-memory-reading-via-uip-process-34721	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021122914	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0767	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4363/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-068-06	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-068-06	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13988	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13987	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-6259-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/open-iscsi/2.0.874-7.1ubuntu6.4	Trust: 0.1

sources: CERT/CC: VU#815128 // VULMON: CVE-2020-17437 // PACKETSTORM: 173799 // CNNVD: CNNVD-202012-664 // NVD: CVE-2020-17437

CREDITS

This document was written by Vijay Sarvepalli.Statement Date: December 08, 2020

Trust: 0.8

sources: CERT/CC: VU#815128

SOURCES

db:	CERT/CC	id:	VU#815128
db:	VULMON	id:	CVE-2020-17437
db:	PACKETSTORM	id:	173799
db:	CNNVD	id:	CNNVD-202012-664
db:	NVD	id:	CVE-2020-17437

LAST UPDATE DATE

2024-08-14T13:04:10.997000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#815128	date:	2021-05-11T00:00:00
db:	VULMON	id:	CVE-2020-17437	date:	2022-08-08T00:00:00
db:	CNNVD	id:	CNNVD-202012-664	date:	2022-08-24T00:00:00
db:	NVD	id:	CVE-2020-17437	date:	2022-08-08T14:57:57.177

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#815128	date:	2020-12-08T00:00:00
db:	VULMON	id:	CVE-2020-17437	date:	2020-12-11T00:00:00
db:	PACKETSTORM	id:	173799	date:	2023-07-27T14:33:18
db:	CNNVD	id:	CNNVD-202012-664	date:	2020-12-08T00:00:00
db:	NVD	id:	CVE-2020-17437	date:	2020-12-11T23:15:12.683