CVE-2020-16898 – Bad Neighbor
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.
An attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer to exploit this vulnerability.
The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets. (Microsoft)
MITRE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16898
CVSS Score: 9.8
We strongly recommend disabling IPv6 on all end devices where the protocol is not in use, because IPv6 is vulnerable to many attacks.
More information below:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ipv6
Otherwise, we recommend patching your hosts and servers against this vulnerability.
The relevant KB can be downloaded from the MSRC advisory:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898
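For the recommendation above to disable IPv6 where it is not in use, the following added example (not part of the original advisory or of Microsoft's guidance) audits which network adapters still have the IPv6 component bound and unbinds it on request. The function names, the `-KeepAdapter` parameter and the adapter name `Ethernet-Lab` are assumptions made for illustration.

```powershell
# Added example: audit and optionally disable the IPv6 binding (ms_tcpip6) per adapter.
# Run in an elevated PowerShell session; uses the built-in NetAdapter module cmdlets.

function Get-IPv6BoundAdapter {
    # Adapters on which the IPv6 protocol component is currently enabled.
    Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Where-Object { $_.Enabled } |
        Select-Object Name, DisplayName, ComponentID, Enabled
}

function Disable-UnusedIPv6 {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Adapter names to leave untouched because IPv6 is in use there (assumed input).
        [string[]]$KeepAdapter = @()
    )

    foreach ($binding in Get-IPv6BoundAdapter) {
        if ($KeepAdapter -contains $binding.Name) {
            Write-Verbose "Skipping $($binding.Name): IPv6 marked as in use"
            continue
        }
        # Honors -WhatIf and -Confirm passed to this function.
        if ($PSCmdlet.ShouldProcess($binding.Name, 'Disable IPv6 binding (ms_tcpip6)')) {
            Disable-NetAdapterBinding -Name $binding.Name -ComponentID ms_tcpip6 -Confirm:$false
        }
    }

    # Return what is still bound so the result can be logged or forwarded to a SIEM.
    Get-IPv6BoundAdapter
}

# Report only: list adapters that still have IPv6 enabled.
Get-IPv6BoundAdapter | Format-Table -AutoSize

# Preview the change without applying it ('Ethernet-Lab' is a constructed adapter name).
Disable-UnusedIPv6 -KeepAdapter 'Ethernet-Lab' -WhatIf
```

Remove `-WhatIf` to apply the change. The script only unbinds IPv6 on the listed network adapters, so hosts that must keep IPv6 still need the patch.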
