Is FNP toolkit affected by Ripple20 Vulnerabilities?
Question: Is FNP toolkit functionality affected by the Ripple20 Security Vulnerabilities in TCP/IP library from the Treck Inc.?
A pack of 19 or more Security Vulnerabilities have been found in the ubiquitous TCP/IP library from the Treck Inc. [https://treck.com. They have been named Ripple20. More information about Ripple20 can be obtained at https://www.jsof-tech.com/ripple20/.
A detailed technical report of two of the vulnerabilities and their exploitation can be found in the CVE-2020-11896/CVE-2020-11898
Of the Ripple20 batch, four bugs are critical. Two of them (remote code execution CVE-2020-11896 and CVE-2020-11897) have the highest severity score (10 out of 10) and the other two are rated 9.0 (CVE-2020-11901) and 9.1 (an information leak, CVE-2020-11898).
No, FNP toolkit is not affected by these vulnerabilities.
For future references, it is advised to have a look at the "Non-Commercial Software Disclosures (NCSD)" document for particular release, which is available under PLC for each FNP toolkit - for confirmation if particular library/tool/Inc. files are used by FNP toolkits.