Ipv6
CVE-2020-27338
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 client component allows an unauthenticated remote attacker to cause an Out of Bounds Read, and possibly a Denial of Service via adjacent network access.
AnalysisAI
An issue was discovered in Treck IPv6 before 6.0.1.68. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 client component allows an unauthenticated remote attacker to cause an Out of Bounds Read, and possibly a Denial of Service via adjacent network access. Affected products include: Treck Ipv6. Version information: before 6.0.1.68..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. Rated high se
An issue was discovered in Treck IPv6 before 6.0.1.68. Rated high severity (CVSS 7.3), this vulnerability is remotely ex
An issue was discovered in Treck IPv6 before 6.0.1.68. Rated medium severity (CVSS 5.3), this vulnerability is remotely
IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface. Rated
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a netw
Same weakness CWE-20 – Improper Input Validation
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today