Is CVE-2020-10188 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 75%.

What products does CVE-2020-10188 affect?

Tracked products affected include EOS, Fedora, Junos OS. Check the version you run to see whether it is affected.

How do I fix CVE-2020-10188?

Apply the vendor fix promptly. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2020-10188

Q: What is CVE-2020-10188?

CVE-2020-10188 is a critical-severity software vulnerability (Buffer overflow) with a CVSS score of 9.8. utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

CRITICAL severity · CVSS 9.8 · Buffer overflow

9.8CVSS CRITICAL

Summary

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)75%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (3)

EOS Fedora Junos OS

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216 ↗

Additional information

NVD record
https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216Patch
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.htmlAdvisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00012.htmlAdvisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00038.htmlAdvisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7FMTRRQTYKWZD2GMXX3GLZV46OLPCLVK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLU6FL24BSQQEB2SJC26NLJ2MANQDA7M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3VJ6V2Z3JRNJOBVHSOPMAC76PSSKG6A/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPxAdvisory