Is FNP toolkit affected by Ripple20 Vulnerabilities?

Is FNP toolkit affected by Ripple20 Vulnerabilities?

Question: Is  FNP toolkit functionality  affected by the Ripple20 Security Vulnerabilities in TCP/IP library from the Treck Inc.?

Ans:

A pack of 19 or more Security Vulnerabilities have been found in the ubiquitous TCP/IP library from the Treck Inc. [https://treck.com. They have been named Ripple20. More information about Ripple20 can be obtained at https://www.jsof-tech.com/ripple20/.

A detailed technical report of two of the vulnerabilities and their exploitation can be found in the CVE-2020-11896/CVE-2020-11898

 Of the Ripple20 batch, four bugs are critical. Two of them (remote code execution CVE-2020-11896 and CVE-2020-11897) have the highest severity score (10 out of 10) and the other two are rated 9.0 (CVE-2020-11901) and 9.1 (an information leak, CVE-2020-11898).

No, FNP toolkit is not affected by these vulnerabilities.

For future references, it is advised to have a look at the "Non-Commercial Software Disclosures (NCSD)" document for particular release, which is available under PLC for each FNP toolkit - for confirmation if particular library/tool/Inc. files are used by FNP toolkits.

Was this article helpful? Yes No
No ratings
Version history
Revision #:
1 of 1
Last update:
‎Jul 08, 2020 03:35 PM
Updated by:
 
Contributors