Cisco announced the release of fixes for the critical vulnerabilities on the Treck IP stack implementation were disclosed on June 16, 2020. These vulnerabilities are known as Ripple20 and the exploitation of these vulnerabilities could result in remote code execution, denial of service (DoS), or information disclosure. Cisco ASR 5000, Cisco ASR 5500, and Cisco Virtual Packet Core are affected by the vulnerabilities. The company also stated that it is continuing to evaluate the fix and will update the advisory as additional information becomes available.
Routing and Switching
Cisco also advised customers to consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution. The company also urged users to ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. These vulnerabilities were discovered and reported to CERT/CC by JSOF.