Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2020-10188

Published: 06/03/2020 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Netkit Telnet

Vulnerability Summary

utility.c in telnetd in netkit telnet up to and including 0.17 allows remote malicious users to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

netkit telnet project netkit telnet

fedoraproject fedora 30

fedoraproject fedora 31

fedoraproject fedora 32

debian debian linux 8.0

debian debian linux 9.0

arista eos

arista eos 4.24.0f

oracle communications performance intelligence center 10.4.0.2

juniper junos 15.1x49

juniper junos 15.1

juniper junos 16.1

juniper junos 12.3

juniper junos 15.1x49-d30

juniper junos 12.3x48

juniper junos 12.3x50

juniper junos 17.2

juniper junos 17.3

juniper junos 17.4

juniper junos 18.1

juniper junos 18.2

juniper junos 18.3

juniper junos 18.4

juniper junos 17.2x75

juniper junos 18.2x75

juniper junos 15.1x49-d60

juniper junos 15.1x49-d140

juniper junos 15.1x49-d150

juniper junos 15.1x49-d160

juniper junos 18.2x75-d10

juniper junos 12.3r12

juniper junos 19.1

juniper junos 19.2

juniper junos 19.3

juniper junos 19.4

juniper junos 20.1

juniper junos 18.2x75-d30

Vendor Advisories

Debian CVElist Bug Report Logs: netkit-telnet: CVE-2020-10188
Debian Bug report logs - #953477 netkit-telnet: CVE-2020-10188 Package: src:netkit-telnet; Maintainer for src:netkit-telnet is Mats Erik Andersson <matsandersson@gisladiskerse>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 9 Mar 2020 21:18:01 UTC Severity: important Tags: security, upstream Fo ...
Red Hat: Important: telnet security update
Synopsis Important: telnet security update Type/Severity Security Advisory: Important Topic An update for telnet is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: krb5-appl security update
Synopsis Important: krb5-appl security update Type/Severity Security Advisory: Important Topic An update for krb5-appl is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Red Hat: Important: telnet security update
Synopsis Important: telnet security update Type/Severity Security Advisory: Important Topic An update for telnet is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: telnet security update
Synopsis Important: telnet security update Type/Severity Security Advisory: Important Topic An update for telnet is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability ...
Amazon Linux 2: ALAS2-2020-1422
utilityc in telnetd in netkit telnet through 017 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions (CVE-2020-10188) ...
Amazon Linux AMI: ALAS-2020-1387
utilityc in telnetd in netkit telnet through 017 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions (CVE-2020-10188) ...
Cisco: Telnet Vulnerability Affecting Cisco Products: June 2020
On February 28, 2020, APPGATE published a blog post regarding CVE-ID CVE-2020-10188, which is a vulnerability in Telnet servers (telnetd) For more information about this vulnerability, see the Details section Cisco will release software updates that address this vulnerability There are workarounds that address this vulnerability This advisory i ...
Arch Linux Issues:
A vulnerability was found in inetutils before version 19491 where incorrect bounds checks in the telnet server’s (telnetd) handling of short writes and urgent data could lead to information disclosure and corruption of heap data An unauthenticated remote attacker could exploit these bugs by sending specially crafted telnet packets to achieve ...

References

CWE-120https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.htmlhttps://lists.debian.org/debian-lts-announce/2020/05/msg00012.htmlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPxhttps://lists.debian.org/debian-lts-announce/2020/08/msg00038.htmlhttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.arista.com/en/support/advisories-notices/security-advisories/10702-security-advisory-48https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLU6FL24BSQQEB2SJC26NLJ2MANQDA7M/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7FMTRRQTYKWZD2GMXX3GLZV46OLPCLVK/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3VJ6V2Z3JRNJOBVHSOPMAC76PSSKG6A/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953477https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2020-1422.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook