search menu icon-carat-right cmu-wordmark

CERT Coordination Center

pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

Vulnerability Note VU#782301

Original Release Date: 2020-03-04 | Last Revised: 2020-03-23

Overview

pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines.

Description

PPP is the protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links including Virtual Private Networks (VPN) such as Point to Point Tunneling Protocol (PPTP). The pppd software can also authenticate a network connected peer and/or supply authentication information to the peer using multiple authentication protocols including EAP.

Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system. This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. As the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption possibly leading to execution of unwanted code.

The vulnerability is in the logic of the eap parsing code, specifically in the eap_request() and eap_response() functions in eap.c that are called by a network input handler. These functions take a pointer and length as input using the the first byte as a type. If the type is EAPT_MD5CHAP(4), it looks at an embedded 1-byte length field. The logic in this code is intended to makes sure that embedded length is smaller than the whole packet length. After this verification, it tries to copy provided data (hostname) that is located after the embedded length field into a local stack buffer. This bounds check is incorrect and allows for memory copy to happen with an arbitrary length of data.

An additional logic flaw causes the eap_input() function to not check if EAP has been negotiated during the Line Control Protocol (LCP) phase. This allows an unauthenticated attacker to send an EAP packet even if ppp refused the authentication negotiation due to lack of support for EAP or due to mismatch of an agreed pre-shared passphrase in the LCP phase. The vulnerable pppd code in eap_input will still process the EAP packet and trigger the stack buffer overflow. This unverified data with an unknown size can be used to corrupt memory of the target system. The pppd often runs with high privileges (system or root) and works in conjunction with kernel drivers. This makes it possible for an attacker to potentially execute arbitrary code with system or root level privileges.

The pppd software is also adopted into lwIP (lightweight IP) project to provide pppd capabilities for small devices. The default installer and packages of lwIP are not vulnerable to this buffer overflow. However if you have used the lwIP source code and configured specifically to enable EAP at compile time, your software is likely vulnerable to the buffer overflow. The recommended update is available from Git repoistory http://git.savannah.nongnu.org/cgit/lwip.git.

This type of weakness is commonly associated in Common Weakness Enumeration (CWE) with CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'). A Proof-of-Concept exploit for PPTP VPN Servers is provided by CERT/CC in their Github repository https://github.com/CERTCC/PoC-Exploits/tree/master/cve-2020-8597-pptpd

Impact

By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution.

Solution

Update your software with the latest available patches provided by your software vendor. It is incorrect to assume that pppd is not vulnerable if EAP is not enabled or EAP has not been negotiated by a remote peer using a secret or passphrase. This is due to the fact that an authenticated attacker may still be able to send unsolicited EAP packet to trigger the buffer overflow.


If your software is packaged and created from the ppp source code, please obtain the latest software from github pppd repository.
https://github.com/paulusmack/ppp
Patch referenced :
https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426

In case of lwIP package that is compiled from source with EAP enabled at compile time, obtain the latest software from github
http://git.savannah.nongnu.org/cgit/lwip.git
Patch referenced:
http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86

Note: the latest software also includes ignoring out-of-order or unsolicited EAP packets from being processed as an additional precautionary measure. It is recommended that you use the latest available software from the appropriate Git repository that includes this fix.

There is no viable work around except to patch the software with updated software made available by the software vendors.

Vendor Information

782301
 
Affected   Unknown   Unaffected

Amazon

Notified:  February 11, 2020 Updated:  March 10, 2020

Status

  Affected

Vendor Statement

Visit ALAS post https://alas.aws.amazon.com/AL2/ALAS-2020-1400.html for details of this vulnerability

Vendor Information

Amazon Linux has adopted RedHat advisory and published their own updates. Please see Vendor URL section for details.

Vendor References

Arch Linux

Notified:  February 11, 2020 Updated:  March 09, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

ArchLinux has updated its advisory on March 7 2020, with ASA-202003-3 advisory with resolution statement

"Upgrade to 2.4.7-7.
# pacman -Syu "ppp>=2.4.7-7"
The problem has been fixed upstream but no release is available yet."

Vendor References

CentOS

Updated:  March 20, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

2020-02-25 - Jaroslav Skarvada <jskarvad@redhat.com> - 2.4.5-34

- Fixed buffer overflow in the eap_request and eap_response functions
Resolves: CVE-2020-8597
Centos 8:
Update provided follow the Vendor URL for your architecture

Centos 7:
Update provided follow the Vendor URL for your version and architecture

Centos 6:
End of Life no updates available

Vendor References

Check Point

Notified:  February 19, 2020 Updated:  March 23, 2020

Status

  Affected

Vendor Statement

See Checkpoint security advisory sk165875 link in Vendor URL section.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Debian GNU/Linux

Updated:  February 19, 2020

Status

  Affected

Vendor Statement

Package : ppp

    Version : 2.4.6-3.1+deb8u1
    CVE ID : CVE-2020-8597
    Debian Bug : 950618

    Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp,
    the Point-to-Point Protocol daemon. When receiving an EAP Request
    message in client mode, an attacker was able to overflow the rhostname
    array by providing a very long name. This issue is also mitigated by
    Debian's hardening build flags.

    For Debian 8 "Jessie", this problem has been fixed in version
    2.4.6-3.1+deb8u1.

    We recommend that you upgrade your ppp packages.

    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be

Vendor Information

Vendor bug report can be found in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950618

Vendor References

Fedora Project

Notified:  February 11, 2020 Updated:  March 09, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Fedora Project has put out new software updates to address this issue on Fri, 21 Feb 2020 16:44:33 UTC, please use the vendor's URL's to find the suitable update for your version of Fedora and your platform.

Vendor References

Microsoft

Updated:  March 10, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

NetBSD

Notified:  February 11, 2020 Updated:  February 21, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

NetBSD external ppp has been updated in the CVS repository. Users can set up pkg_admin to download the pkg-vulnerabilities file daily (URL in the Vendor URL section), and include a package audit in the daily security script. Details on this are located in the MESSAGE file for pkg_install.

Vendor References

OpenWRT

Notified:  February 19, 2020 Updated:  February 25, 2020

Status

  Affected

Vendor Statement

Security Advisory 2020-02-21-1 - ppp buffer overflow vulnerability (CVE-2020-8597)

    DESCRIPTION
    A remotely exploitable vulnerability was found in Point-to-Point Protocol Daemon (pppd), which has a significant potential impact due to the possibility of remote code execution prior to authentication.
    OpenWrt by default enables the _FORTIFY_SOURCE=1 compiler macro which introduces additional checks to detect buffer-overflows in the standard library functions, thus protecting the memcpy() abused in this overflow, preventing the actual buffer overflow and hence possible remote code execution by instead terminating the pppd daemon. Due to those defaults the impact of the issue was changed to a denial of service vulnerability, which is now also addressed by this fix.
    CVE-2020-8597 has been assigned to this issue, you can find the latest version of this advisory on our wiki.
    REQUIREMENTS
    In order to exploit this vulnerability, a malicious attacker would need to provide specially crafted EAP Request packet of type EAPT_MD5CHAP to ppp running in client mode and thus overflowing the rhostname string buffer by providing a very long hostname.
    MITIGATIONS
    To fix this issue, update the affected ppp package using the command below.
    `opkg update; opkg upgrade ppp`
    The fix is contained in the following and later versions:
    OpenWrt master: 2020-02-20 reboot-12255-g215598fd0389
    OpenWrt 19.07: 2020-02-20 v19.07.1-17-g6b7eeb74dbf8
    OpenWrt 18.06: 2020-02-20 v18.06.7-6-gcc78f934a946
    AFFECTED VERSIONS
    To our knowledge, OpenWrt versions 18.06.0 to 18.06.7 and versions 19.07.0 to
    19.07.1 are affected. The fixed packages will be integrated in the upcoming OpenWrt 18.06.8 and OpenWrt 19.07.2 releases. Older versions of OpenWrt (e.g.
    OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Peplink

Notified:  February 19, 2020 Updated:  March 12, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Red Hat, Inc.

Notified:  February 11, 2020 Updated:  March 03, 2020

Status

  Affected

Vendor Statement

The ppp packages distributed with Red Hat Enterprise Linux versions are compiled using gcc's stack-protector feature. The "Stack Smashing Protection" may help mitigate code execution attacks for this flaw and limit its impact to crash only. This flaw only affects pppd servers and clients when EAP negotiation is used. pppd will refuse to do EAP negotiation unless it has an appropriate secret to use. The secret has to be added to /etc/ppp/chap-secrets. EAP can use CHAP or SRP as the underlying flavour of authentication, Red Hat packages are not compiled with SRP code.

Vendor Information

Redhat has created a Bug ID 1800727 for this vulnerability. RedHat has put our updates for their supported platforms. The vendor URL section has links to these updates. It is assumed that EAP needs to be enabled for this vulnerability to be exposed. However this is not the case as shown by Ilja Van Spronkel that even if EAP is disabled, an unauthenticated and unsolicited EAP packet can be send to trigger this vulnerability.

Vendor References

Sierra Wireless

Notified:  February 19, 2020 Updated:  March 06, 2020

Status

  Affected

Vendor Statement

We have published a security advisory for this issue. All new information will be updated on the advisory link below.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Slackware Linux Inc.

Notified:  February 11, 2020 Updated:  March 09, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Vendor has released a security advisory Wed, 4 Mar 2020 14:34:55 PST. Check to make sure you are subscribed to slackware-security@slackware.com and security@slackware.com is in your whitelist to receive slackware's security advisories.

Vendor References

SUSE Linux

Notified:  February 11, 2020 Updated:  February 21, 2020

Status

  Affected

Vendor Statement

We are indeed affected by this vulnerability in all our supported codestreams. However, this is mitigated by the FORTIFY_SOURCE overflow checking and also by the Stack Protector Overflow heuristic protection that our products ship. Updates are also on the way and we are going to release them within the next weeks. One can track the progress of the update along with all the affected software in our security page mentioned in the vendor URL section.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Synology

Notified:  February 11, 2020 Updated:  March 06, 2020

Status

  Affected

Vendor Statement

Synology confirms the following products are affected:

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

TP-LINK

Notified:  February 19, 2020 Updated:  March 03, 2020

Status

  Affected

Vendor Statement

We have published a security advisory for this issue (see link below in Vendor URLs section). And we are still working on this, and all new information will be updated on

    this advisory.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Ubiquiti Networks

Notified:  February 19, 2020 Updated:  March 09, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Ubiquiti Networks has put out advisory using their community releases with an updated firmware to address this vulnerability. Please check the URL's below for obtaining the right firmware to patch your systems.

Vendor References

Ubuntu

Notified:  February 11, 2020 Updated:  February 20, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The ppp security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.10
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

The problem can be corrected by updating your system to the following package versions respectively:
Ubuntu 19.10 ppp - 2.4.7-2+4.1ubuntu4.1
Ubuntu 18.04 LTS - ppp - 2.4.7-2+2ubuntu1.2
Ubuntu 16.04 LTS - ppp - 2.4.7-1+2ubuntu1.16.04.2
To update your system, use system package manager provided as part of Ubuntu..

Vendor References

Wind River

Notified:  February 19, 2020 Updated:  March 09, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Wind River support and defects page provides way to search for products affected by this vulnerability. As of Feb 4 2020, the security updates pages shows this CVE is being addressed by Windriver. Please use this defects page to search for your product or search for the CVE-2020-8597 as "Keyword" to obtain the relevant software and firmware updates.

Vendor References

Actiontec

Notified:  February 19, 2020 Updated:  February 25, 2020

Status

  Not Affected

Vendor Statement

We are using an older version of pppd that does not use EAP and does not have this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apple

Notified:  February 11, 2020 Updated:  February 19, 2020

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Apple has a forked version of ppp that was modified years earlier. It shows not affected due to the source code changes.

Arista Networks, Inc.

Notified:  February 11, 2020 Updated:  February 14, 2020

Status

  Not Affected

Vendor Statement

Arista products do not have any features using pppd, hence no Arista products are affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AVM GmbH

Notified:  February 19, 2020 Updated:  March 05, 2020

Status

  Not Affected

Vendor Statement

FRITZ!Box and other AVM products are not affected. AVM does not use the ppp implementation from the pppd project.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Brocade Communication Systems

Notified:  February 19, 2020 Updated:  February 25, 2020

Status

  Not Affected

Vendor Statement

No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CoreOS

Notified:  February 11, 2020 Updated:  February 12, 2020

Status

  Not Affected

Vendor Statement

CoreOS Container Linux does not ship pppd.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DrayTek Corporation

Notified:  February 13, 2020 Updated:  March 06, 2020

Status

  Not Affected

Vendor Statement

Thank you for your request for Technical Support. EAP isn't supported on 3900/2960/300B PPTP, so these should not be affected. The rest of the models are running in non-linux platform, the PPTP service isn't using pppd either.

Vendor Information

Updated information from Draytek March 6, 2020

Draytek DSL models are running in our in-house OS, they won't be affected by this vulnerability.
Draytek also plans to add protection in the next firmware release to enhance the security for Vigor3900/2960, although EAP is not enabled or supported. Please check advisory URL mentioned below for updates.

Vendor References

Fortinet

Notified:  February 13, 2020 Updated:  February 25, 2020

Status

  Not Affected

Vendor Statement

Fortinet FortiOS are not impacted by this vulnerability

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project

Notified:  February 11, 2020 Updated:  February 21, 2020

Status

  Not Affected

Vendor Statement

FreeBSD does not distribute pppd.

Vendor Information

A review of the pppd source tree suggests that FreeBSD do not include pppd in the base system (removed in r190751 - ten years ago). The first pppd version that contained the vulnerability was 2.4.2, and FreeBSD has never shipped with that version.

HardenedBSD

Notified:  February 11, 2020 Updated:  February 12, 2020

Status

  Not Affected

Vendor Statement

HardenedBSD does not ship with this software in the base operating system.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks

Notified:  February 11, 2020 Updated:  February 25, 2020

Status

  Not Affected

Vendor Statement

Juniper is not impacted by this vulnerability

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LANCOM Systems GmbH

Notified:  February 19, 2020 Updated:  February 26, 2020

Status

  Not Affected

Vendor Statement

LANCOM Systems products are not vulnerable to these vulnerabilities.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

lwIP

Notified:  February 05, 2020 Updated:  February 16, 2020

Status

  Not Affected

Vendor Statement

lwIP is a bit different than pppd, we added a lot of preprocessor directives to enable or disable features at compile time in order to reduce binary size output and EAP is disabled by default:

Vendor Information

EAP was never used by any lwIP user. The lwIP PPP support is mostly used with cellular modems only as a framing protocol limited to the serial link between the MCU and the modem were security is less relevant because it is not authenticated anyway. The lwIP so far has had support for PAP, CHAP, MS-CHAP (tied to MPPE keys exchange), but EAP has never been enabled from compile time.

Vendor References

MikroTik

Notified:  February 13, 2020 Updated:  February 14, 2020

Status

  Not Affected

Vendor Statement

The described issue is with EAP authentication, which RouterOS doesn't support for PPP

OpenBSD

Notified:  February 11, 2020 Updated:  February 21, 2020

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

A10 Networks

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ADTRAN

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel-Lucent Enterprise

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alpine Linux

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ARRIS

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aspera Inc.

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AsusTek Computer Inc.

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc.

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belkin, Inc.

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Buffalo Inc

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco

Updated:  March 18, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Cisco is investigating this issue and has assigned a bug ID CSCvs95534.

Vendor References

Comcast

Notified:  February 19, 2020 Updated:  February 21, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cradlepoint

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

dd-wrt

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell EMC

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DesktopBSD

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Deutsche Telekom

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DragonFly BSD Project

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eero

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc.

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Geexbox

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Google

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett Packard Enterprise

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HP Inc.

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM, INC.

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Illumos

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Joyent

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marconi, Inc.

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Micro Focus

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mitel Networks, Inc.

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Motorola, Inc.

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NAS4Free

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetApp

Updated:  March 18, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

NetApp is investigating this issue and will continue to update this advisory as additional information becomes available.

This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp.
Advisory ID: NTAP-20200313-0004 Version: 2.0 Last updated: 03/16/2020 Status: Interim. CVEs: CVE-2020-8597.

Vendor References

Netgear, Inc.

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nexenta

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenIndiana

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oracle Corporation

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

pfSense

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX Software Systems Inc.

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quagga

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quantenna Communications

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ruckus Wireless

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SafeNet

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SMC Networks, Inc.

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TDS Telecom

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Technicolor

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tizen

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TrueOS

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys

Notified:  February 11, 2020 Updated:  February 11, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zyxel

Notified:  February 19, 2020 Updated:  February 19, 2020

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 102 vendors View less vendors


CVSS Metrics

Group Score Vector
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal 7.7 E:F/RL:OF/RC:C
Environmental 7.7 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Ilja Van Sprundel from IOActive for reporting this vulnerability.

This document was written by Vijay Sarvepalli.

Other Information

CVE IDs: CVE-2020-8597
Date Public: 2020-02-02
Date First Published: 2020-03-04
Date Last Updated: 2020-03-23 14:34 UTC
Document Revision: 76

Sponsored by CISA.