CVE-2020-17437

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.

Published: 2020-12-11 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2020-17437 is rated Moderate Risk (52.6/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.34%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2020-17437

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-12-13 0.24% 0.34% +0.10%
2 2025-11-21 0.50% 0.24% -0.26%
3 2025-11-18 0.50%

Full EPSS history (17 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2020-17437

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
8.2 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L)
Some sensitive info could get out, but not a total data dump.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 3.9 4.2 [email protected]
6.4 2.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 4.9 [email protected]

Weakness enumeration for CVE-2020-17437

OS Trackers for CVE-2020-17437

vendor priority summary link
debian not yet assigned CVE-2020-17437 not yet assigned priority: Debian including 1 source packages (open-iscsi), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2020-17437
redhat medium https://access.redhat.com/security/cve/CVE-2020-17437
suse high CVE-2020-17437 severity important: SUSE including 301 source package names (0.38.1.5.8.40:libopeniscsiusr0_2_0-2.1.4-22.14.1, 0.38.1.5.8.40:open-iscsi-2.1.4-22.14.1, …), 455 product×package rows across 65 product lines (Container suse/sles/15.2/virt-launcher, Image SLES12-SP5-Azure-BYOS, … (65 product lines)): Fixed 308, Known Affected 137, Known Not Affected 10. https://www.suse.com/security/cve/CVE-2020-17437/
ubuntu low CVE-2020-17437 low priority: Ubuntu including 1 source packages (open-iscsi), 11 status rows across 11 suites (bionic, focal, groovy, hirsute, impish, jammy, kinetic, lunar, trusty, upstream, xenial): released 9, ignored 1, not-affected 1. https://ubuntu.com/security/CVE-2020-17437

Affected software / configurations for CVE-2020-17437

Vendor Product Version Raw CPE
uip_project uip <= 1.0 cpe:2.3:a:uip_project:uip:*:*:*:*:*:*:*:*
open-iscsi_project open-iscsi <= 2.1.7 cpe:2.3:a:open-iscsi_project:open-iscsi:*:*:*:*:*:*:*:*
siemens sentron_3va_com100_firmware < 4.4.1 cpe:2.3:o:siemens:sentron_3va_com100_firmware:*:*:*:*:*:*:*:*
siemens sentron_3va_com800_firmware < 4.4.1 cpe:2.3:o:siemens:sentron_3va_com800_firmware:*:*:*:*:*:*:*:*
siemens sentron_3va_dsp800_firmware < 4.0 cpe:2.3:o:siemens:sentron_3va_dsp800_firmware:*:*:*:*:*:*:*:*
siemens sentron_pac2200_clp_firmware cpe:2.3:o:siemens:sentron_pac2200_clp_firmware:-:*:*:*:*:*:*:*
siemens sentron_pac2200_firmware < 3.2.2 cpe:2.3:o:siemens:sentron_pac2200_firmware:*:*:*:*:*:*:*:*
siemens sentron_pac3200_firmware < 2.4.7 cpe:2.3:o:siemens:sentron_pac3200_firmware:*:*:*:*:*:*:*:*
siemens sentron_pac3200t_firmware < 3.2.2 cpe:2.3:o:siemens:sentron_pac3200t_firmware:*:*:*:*:*:*:*:*
siemens sentron_pac3220_firmware < 3.2.0 cpe:2.3:o:siemens:sentron_pac3220_firmware:*:*:*:*:*:*:*:*
siemens sentron_pac4200_firmware < 2.3.0 cpe:2.3:o:siemens:sentron_pac4200_firmware:*:*:*:*:*:*:*:*

References for CVE-2020-17437

URL Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf Patch Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/815128 Third Party Advisory US Government Resource
cvelogic Threat Intelligence