PSIRT Advisory

Ripple20 - Critical Vulnerabilities in low-level TCP/IP software library developed by Treck

Summary

On June 16, 2020, cybersecurity researchers from JSOF published a set of 19 vulnerabilities, dubbed Ripple20 that are impacting the TCP/IP stack developed by Treck. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

Impact

Information disclosure, Execute unauthorized code or commands

Affected Products

Fortinet products do not use the low-level TCP/IP software library developed by Treck, Inc and are therefore not impacted by these vulnerabilities.