CVE-2020-16898 – Bad Neighbor – Monitoring By SIEM


A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.

An attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer to exploit this vulnerability.

The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets. (Microsoft)

MITRE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16898

CVSS Score: 9.8

We strongly recommend disabling IPv6 on all end devices where the protocol is not in use, because IPv6 is vulnerable to many attacks.

More information below:

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ipv6

Otherwise, we recommend patching your hosts and servers against this vulnerability.

The relevant KB can be downloaded from the MSRC advisory:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898
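
For the monitoring side, here is an added example (not from the original post or from Microsoft): a structural check that a sensor or SIEM enrichment script could run on captured ICMPv6 Router Advertisement bodies, flagging options that break the length rules of RFC 4861 and RFC 8106. The page does not describe the malformation itself, so treating these conformance failures as the alert condition is an assumption; `check_ra`, `build_ra` and `option` are hypothetical names and the sample packets are constructed.

```python
import struct

RA_TYPE = 134        # ICMPv6 Router Advertisement (RFC 4861)
RA_HEADER_LEN = 16   # fixed RA fields that precede the options
OPT_RDNSS = 25       # Recursive DNS Server option (RFC 8106)


def check_ra(icmpv6: bytes) -> list:
    """Return RFC-conformance findings for one ICMPv6 message body."""
    if len(icmpv6) < 1 or icmpv6[0] != RA_TYPE:
        return []                                  # not a Router Advertisement
    if len(icmpv6) < RA_HEADER_LEN:
        return ["truncated RA header"]
    findings, off = [], RA_HEADER_LEN
    while off < len(icmpv6):
        if len(icmpv6) - off < 2:
            findings.append(f"offset {off}: option header cut short")
            break
        opt_type, opt_len = icmpv6[off], icmpv6[off + 1]   # length is in 8-byte units
        if opt_len == 0:                           # RFC 4861: such packets must be discarded
            findings.append(f"offset {off}: option {opt_type} has length 0")
            break
        if off + opt_len * 8 > len(icmpv6):
            findings.append(f"offset {off}: option {opt_type} overruns the packet")
            break
        # RFC 8106: RDNSS length is 1 + 2 per address, so it is odd and at least 3
        if opt_type == OPT_RDNSS and (opt_len < 3 or opt_len % 2 == 0):
            findings.append(f"offset {off}: RDNSS length {opt_len} violates RFC 8106")
        off += opt_len * 8
    return findings


def build_ra(options: bytes) -> bytes:
    """Constructed sample: RA body with zeroed checksum, for offline testing only."""
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0) + options


def option(opt_type: int, opt_len: int) -> bytes:
    """Constructed sample option: header plus zero padding to opt_len * 8 bytes."""
    return bytes([opt_type, opt_len]) + bytes(opt_len * 8 - 2)


if __name__ == "__main__":
    samples = {"conforming": build_ra(option(1, 1) + option(OPT_RDNSS, 3)),
               "nonconforming": build_ra(option(1, 1) + option(OPT_RDNSS, 4))}
    for name, pkt in samples.items():
        print(name, check_ra(pkt) or "ok")
```

Each finding string can be forwarded as an event field together with the packet's source address, so the SIEM can correlate nonconforming advertisements per sender.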

Author: idoh