Ripple20: Finding Vulnerable Devices and Detecting Attacks


extra post 3 image 1

ExtraHop has published detections for CVE-2020-11901, for which JSOF presented details at Black Hat on August 5. In the disclosure, a set of four bugs are described that can lead to remote code execution on an affected device. In its revision of Treck’s DNS parsing logic, ExtraHop Threat Research independently identified a separate heap overflow that Treck verified only affects earlier versions of the software and falls under the umbrella of CVE-2020-11901.

Read more…