Cisco Bug: CSCvu68945 - Evaluation of staros for Treck ip stack vulnerabilities

Last Modified

Oct 10, 2020

Products (2)

  • Cisco ASR 5000 Series
  • Cisco ASR 5000 Series

Known Affected Releases

20.2.17 20.3.5 20.4.T0.76476 20.9.1 21.1.11 21.10.0 21.10.6 21.11.15 21.12.19 21.13.21 21.14.22 21.15.42 21.15.45 21.16.5 21.16.6 21.17.10 21.17.8 21.18.6 21.18.7 21.19.4 21.19.5 21.19.n3 21.2.13 21.20.1 21.20.2 21.21.0 21.3.23 21.4.0 21.4.18 21.5.27 21.6.16 21.7.14 21.8.12 21.9.13

Description (partial)

Symptom:
This bug has been filed to evaluate the product against the vulnerabilities affecting the Treck IP Stack disclosed on June 16th and known as Ripple20.

Cisco has reviewed this product and concluded that it is affected by the following vulnerabilities as it contains a vulnerable version of the Treck IP Stack:

    CVE-2020-11896: Malformed IPv4 Tunneled Packets Processing Remote Code Execution Vulnerability
    CVE-2020-11898: Malformed IPv4 Packets Processing Out-of-Bounds Read Vulnerability
    CVE-2020-11899: Improper Input Validation in IPv6 Out-of-Bounds Read Vulnerability
    CVE-2020-11900: IPv4 Tunneling Component Double-Free Vulnerability
    CVE-2020-11907: Improper Packet Length Checks Integer Underflow Vulnerability
    CVE-2020-11909: Improper Input Validation in IPv4 Component
    CVE-2020-11912: Improper Input Validation in TCP Component
    CVE-2020-11913: Improper Input Validation in IPv6 Component


The product however is not affected by the following vulnerabilities:

    CVE-2020-11897: Malformed IPv6 Packets Processing Out-of-Bounds Read and Write Vulnerability
    CVE-2020-11901: DNS Response Processing Remote Code Execution Vulnerability
    CVE-2020-11902: Out-of-Bounds Read When Processing IPv6 over IPv4 Packets
    CVE-2020-11903: Out-of-Bounds Read Processing DHCP Response
    CVE-2020-11904: Integer Overflow in Memory Allocation
    CVE-2020-11905: DHCPv6 Out-of-Bounds Read Vulnerability
    CVE-2020-11906: Ethernet Link Layer Component Integer Underflow Vulnerability
    CVE-2020-11908: Improper Null Termination in DHCP Component
    CVE-2020-11910: Improper Input Validation in ICMPv4 Component
    CVE-2020-11911: Improper Access Control in ICMPv4 Component
    CVE-2020-11914: Improper Input Validation in ARP Component

Conditions:
Cisco ASR5000 Series products (ASR5000, ASR5500, VPC-DI and VPC-SI) for all services, except as excluded below:
 - Services MME, SGSN, ePDG, SaMOG, SGW and UPF are not affected by any of the above vulnerabilities as they do not rely on the Treck IP stack for networking.
 - The management plane of StarOS is not affected by any of the above vulnerabilities as it does not rely on the Treck IP stack for networking.

In addition to the conditions listed above, for a deployment to be affected it is necessary to have configured ANY of the following features:
 
URL-based Re-addressing
identifiable in config by presence of line:
 flow action url-readdress server [...]

SIP ALG NAT Inspection
identifiable in config by presence of line:
 firewall nat-alg sip [...]

H323 ALG NAT Inspection
identifiable in config by presence of line:
 firewall nat-alg h323 [...]

CUSP - Inline TCP Optimization
identifiable in config by presence of line:
 tcp-acceleration  [...]
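
The configuration check described above can be run over a saved configuration file. The following is an added example, not Cisco's code: the function name, the sample lines, and the choice to count only lines that begin (after indentation) with the listed keywords are assumptions.

```python
import re

# Feature name -> leading keywords of the config line, as listed in the advisory.
FEATURE_LINES = {
    "URL-based Re-addressing": "flow action url-readdress server",
    "SIP ALG NAT Inspection": "firewall nat-alg sip",
    "H323 ALG NAT Inspection": "firewall nat-alg h323",
    "CUSP - Inline TCP Optimization": "tcp-acceleration",
}


def _compile(keywords):
    # Keywords must start the line (indentation allowed), may be separated by
    # any run of whitespace, and must end at whitespace or end of line.
    body = r"\s+".join(re.escape(k) for k in keywords.split())
    return re.compile(r"^\s*" + body + r"(?=\s|$)")


PATTERNS = {name: _compile(kw) for name, kw in FEATURE_LINES.items()}


def find_treck_features(config_text):
    """Return [(feature, line_no, line)] for every matching config line."""
    hits = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            if pattern.match(line):
                hits.append((name, line_no, line.strip()))
    return hits


# Constructed sample lines for illustration; not a real StarOS configuration.
# Lines 5 and 6 are hypothetical near-misses that must not be counted.
SAMPLE_CONFIG = (
    "# constructed sample\n"
    "context example\n"
    "    flow action url-readdress server 192.0.2.10\n"
    "    firewall   nat-alg sip\n"
    "    no firewall nat-alg h323\n"
    "    tcp-acceleration-unrelated\n"
)

if __name__ == "__main__":
    for feature, line_no, line in find_treck_features(SAMPLE_CONFIG):
        print(f"line {line_no}: {feature}: {line}")
```

An empty result means none of the four listed lines was found in the file that was scanned; the service and management-plane exclusions above still need to be assessed separately.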