AMNESIA:33 - Multiple Embedded TCP/IP Stacks Vulnerabilities

Bulletin ID: NTAP-SB-20210216-0001 Version:1.0 Last Updated: 20210216

Applies To

All NetApp products

Summary

“AMNESIA:33” refers to a group of vulnerabilities found in multiple open-source TCP/IP stacks.

No NetApp Products include the affected TCP/IP stacks: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net

Associated CVE IDs:

CVE-2020-13984 CVE-2020-13985 CVE-2020-13986 CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVE-2020-17438 CVE-2020-17439 CVE-2020-17440 CVE-2020-17441 CVE-2020-17442 CVE-2020-17443 CVE-2020-17444 CVE-2020-17445 CVE-2020-17467 CVE-2020-17468 CVE-2020-17469 CVE-2020-17470 CVE-2020-24334 CVE-2020-24335 CVE-2020-24336 CVE-2020-24337 CVE-2020-24338 CVE-2020-24339 CVE-2020-24340 CVE-2020-24341 CVE-2020-24383 CVE-2020-25107 CVE-2020-25108 CVE-2020-25109 CVE-2020-25110 CVE-2020-25111 CVE-2020-25112

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
https://www.kb.cert.org/vuls/id/815128
https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/