CVE-2020-11896, CVE-2020-11897, CVE-2020-11901: Ripple20 Zero-Day Vulnerabilities in Treck TCP/IP Libraries Disclosed
The JSOF research lab, a group of researchers who focus on low-level software vulnerabilities, disclosed 19 vulnerabilities they’ve named “Ripple20.” The batch affects an embedded Internet of Things (IoT) TCP/IP software library developed by Treck Inc.
The Ripple20 vulnerabilities exist within the embedded TCP/IP software libraries developed by Treck. These libraries are licensed and used by a broad spectrum of devices manufactured by a number of vendors. JSOF notes that tracking and identifying all of the potentially affected vendors and devices is difficult for both logistical and legal reasons. Their disclosure details just how difficult it was to identify the affected supply chain, as the scope of potential risks was diverse and vast.
For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.
3 Replies
- satyendra_singh (Connect Contributor)
@Ryan Seguin The plugin only detects Treck, but not the vulnerable versions? Is this still reported after patching?
- Anonymous
Hi @Satyendra Singh
This plugin looks for a specific response that comes from devices running the Treck TCP/IP stack. It should remediate after patching, as the patch would prevent the kind of response we're looking for.
Is anyone seeing any of the Treck plugins 137703, 138614 or 138615? If so, what kind of devices?