LiveActive security incident?Get immediate response
CVE Record

CVE-2020-11899: The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

MediumCVSS 5.4Known exploitedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

CVE-2020-11899 affects the Treck TCP/IP stack, software embedded in many networked products. A flawed IPv6 handling path can read memory outside expected bounds. The score is medium, but CISA KEV status raises urgency because exploitation is known, and embedded supply-chain exposure can be hard to inventory.

Executive priority

Treat this as high priority for asset owners managing embedded, network, IoT, or operational technology devices. The business risk is less about one web server and more about hidden supply-chain exposure across appliances with slow patch cycles and known exploitation status.

Technical view

The issue is a CWE-125 out-of-bounds read in the Treck TCP/IP stack before 6.0.1.66. CVSS 3.1 is 5.4 with adjacent-network attack vector, low complexity, no privileges, and no user interaction. Recorded impacts are low integrity and availability impact, with no confidentiality impact in the supplied vector.

Likely exposure

Exposure is most likely in products embedding Treck TCP/IP stack versions before 6.0.1.66, especially IPv6-enabled network, IoT, industrial, or appliance devices. The bundle does not provide concrete CPEs, so confirm exposure through vendor advisories, SBOMs, firmware notes, or supplier attestations.

Exploitation context

The source bundle marks this CVE as CISA KEV and includes the CISA KEV catalog link, supporting known exploitation. The supplied sources do not describe exploitation volume, targeted sectors, or technical exploitation details, so those points should not be assumed.

Researcher notes

Do not rely on the generic affected field, which lists vendor and product as n/a. Use the Treck version threshold, Ripple20 context, and vendor advisories to scope exposure. Evidence supports known exploitation via KEV, but the bundle lacks exploit mechanics and product-specific fix details.

Mitigation direction

  • Prioritize assets from vendors with Treck/Ripple20 advisories, including Cisco, Intel, Aruba, NetApp, and Dell.
  • Check vendor firmware or product advisories for fixed releases or compensating controls.
  • Upgrade embedded Treck TCP/IP stack usage to version 6.0.1.66 or later where directly managed.
  • Restrict adjacent-network access to IPv6-capable management and device interfaces where feasible.
  • Disable unused IPv6 exposure only when vendor guidance confirms it is safe.

Validation and detection

  • Inventory products and firmware that include Treck TCP/IP stack or Ripple20 advisories.
  • Compare firmware versions against each vendor’s CVE-2020-11899 guidance.
  • Confirm whether IPv6 is enabled on potentially affected interfaces.
  • Review network segmentation for adjacent access to affected devices.
  • Track CISA KEV remediation deadlines if the organization is subject to BOD 22-01.
Prepared
Confidence
medium
Sources
8

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-125: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2020-11899 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
5.4 (3.1)
Known Exploited
Yes
Published

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
11Source links

CISA KEV status

Status
Known exploited
Source
CISA / ADP
Date added
Not provided

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
5.4CVSS 3.1MediumCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L2.82.5Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

5.4Medium
CVSS 3.1 vector shape for CVE-2020-11899Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-125 · source CWE mapping

Out-of-bounds Read

Out-of-bounds Read represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.