This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is FNP toolkit affected by Ripple20 Vulnerabilities?

Is FNP toolkit affected by Ripple20 Vulnerabilities?

Question: Is  FNP toolkit functionality  affected by the Ripple20 Security Vulnerabilities in TCP/IP library from the Treck Inc.?

Ans:

A pack of 19 or more Security Vulnerabilities have been found in the ubiquitous TCP/IP library from the Treck Inc. [https://treck.com. They have been named Ripple20. More information about Ripple20 can be obtained at https://www.jsof-tech.com/ripple20/.

A detailed technical report of two of the vulnerabilities and their exploitation can be found in the CVE-2020-11896/CVE-2020-11898

 Of the Ripple20 batch, four bugs are critical. Two of them (remote code execution CVE-2020-11896 and CVE-2020-11897) have the highest severity score (10 out of 10) and the other two are rated 9.0 (CVE-2020-11901) and 9.1 (an information leak, CVE-2020-11898).

No, FNP toolkit is not affected by these vulnerabilities.

For future references, it is advised to have a look at the "Non-Commercial Software Disclosures (NCSD)" document for particular release, which is available under PLC for each FNP toolkit - for confirmation if particular library/tool/Inc. files are used by FNP toolkits.

Was this article helpful? Yes No
0 Kudos
No ratings
Version history
Last update:
‎Jul 08, 2020 03:35 PM
Updated by:
Contributors