Synology-SA-20:15 Ripple20
Publish Time: 2020-06-18 18:48:28 UTC+8
Last Updated: 2020-06-18 18:48:28 UTC+8
- Severity: Not affected
- Status: Resolved
Abstract
None of Synology's products are affected as these vulnerabilities only affect products equipped with Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM).
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
DSM 6.2[1] | Not affected | N/A |
[1] DS214play, DS216+, DS216+II, DS218+, DS220+, DS412+, DS415+, DS415play, DS416play, DS418play, DS420+, DS620slim, DS713+, DS716+, DS716+II, DS718+, DS720+, DS916+, DS918+, DS920+, DS1019+, DS1512+, DS1513+, DS1515+, DS1517+, DS1618+, DS1812+, DS1813+, DS1815+, DS1817+, DS1819+, DS2413+, DS2415+, DS2419+, DS3018xs, DS3611xs, DS3612xs, DS3615xs, DS3617xs, DVA3219, FS1018, FS2017, FS3017, FS3400, FS3600, FS6400, RC18015xs+, RS812+, RS812RP+, RS814+, RS814RP+, RS815+, RS815RP+, RS818+, RS818RP+, RS820+, RS820RP+, RS1219+, RS1619xs+, RS2212+, RS2212RP+, RS2414+, RS2414RP+, RS2416+, RS2416RP+, RS2418+, RS2418RP+, RS2818RP+, RS3411RPxs, RS3411xs, RS3412RPxs, RS3412xs, RS3413xs+, RS3614RPxs, RS3614xs, RS3614xs+, RS3617RPxs, RS3617xs, RS3617xs+, RS3618xs, RS4017xs+, RS10613xs+, RS18016xs+, RS18017xs+, SA3200D, SA3400, SA3600, UC3200
Mitigation
None
Detail
CVE-2020-0594
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2020-0595
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2020-0596
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
CVE-2020-0597
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2020-8674
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
- Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.
Reference
- Ripple20 Vulnerabilities Affecting Treck IP Stacks
- VU#257161
- Ripple20
- INTEL-SA-00295
- CVE-2020-0594
- CVE-2020-0595
- CVE-2020-0596
- CVE-2020-0597
- CVE-2020-8674
Revision
Revision | Date | Description |
---|---|---|
1 | 2020-06-18 | Initial public release. |