Reset Search
 

 

Article

SA44508 - 2020-06: Out-of-Cycle Advisory: Multiple Vulnerabilities in Treck TCP/IP Embedded Software

« Go Back

Information

 
Product Affected
Problem
Treck IP network stack software is designed and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source, licensed for modification and reuse and finally as a dynamic or static linked library.

Treck IP software contains multiple vulnerabilities, most of which are caused by memory management bugs. Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities.
The Treck advisory can be found at the following link: https://treck.com/vulnerability-response-information/
 
Solution

Ripple20 Vulnerability


The table below provides details of the affected and not affected products:

    Pulse Connect SecureNot Vulnerable
    Pulse Policy SecureNot Vulnerable
    Pulse OneNot Vulnerable
    All versions of Pulse Desktop ClientNot Vulnerable
    Pulse Mobile Client (Android & iOS)Not Vulnerable
    Pulse Secure vADCResolved in vTM 18.2 (LTS Release) and above
     

    Exploitation

    Pulse Secure PSIRT is not aware of any malicious exploitation for this vulnerability. 

    LEGAL DISCLAIMER

    • THIS ADVISORY IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  USE OF THIS INFORMATION FOUND IN THIS ADVISORY OR IN MATERIALS LINKED HEREFROM IS AT THE USER’S OWN RISK.  PULSE SECURE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS ADVISORY AT ANY TIME.
    • A STANDALONE COPY OR PARAPHRASE OF THE TEXT OF THIS ADVISORY THAT OMITS THE DISTRIBUTION URL IS AN UNCONTROLLED COPY AND MAY OMIT IMPORTANT INFORMATION OR CONTAIN ERRORS.  THE INFORMATION IN THIS ADVISORY IS INTENDED FOR END USERS OF PULSE SECURE PRODUCTS.
    Document History:
    June 19, 2020 - Initial advisory posted.

     
    Workaround
    Not Applicable
    Implementation
    Not Applicable
    Related Links
    CVSS Score
    Risk Assessment
    Acknowledgements
    Alert TypeSA - Security Advisory
    Risk LevelHigh
    Attachment 1 
    Attachment 2 
    Legacy ID

    Feedback

     

    Was this article helpful?


       

    Feedback

    Please tell us how we can make this article more useful.

    Characters Remaining: 255