ICMP6: Windows IPv6 RDNSS CVE-2020-16898 Remote Code Execution

This signature detects attempts to exploit a known vulnerability in Windows IPv6 RDNSS handling. A successful attack can lead to arbitrary code execution.

Extended Description

A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.

Affected Products

Microsoft windows_server_2019

References

CVE: CVE-2020-16898

Short Name
ICMP6:EXPLOIT:CVE-2020-16898-CE
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
ICMP6
Keywords
CVE-2020-16898 Code Execution IPv6 RDNSS Remote Windows
Release Date
10/16/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3665
False Positive
Unknown
Vendors

Microsoft

CVSS Score

5.8
