PT-2020-18699 · Trading Technologies · Trading Technologies Messaging

Published

2020-09-02

Updated

2021-07-21

CVE-2020-5778

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Trading Technologies Messaging version 7.1.28.3

Description A flaw in the software exists due to improper validation of user-supplied data when processing a type 8 message sent to the default TCP RequestPort 10200. This allows an unauthenticated, remote attacker to exploit the issue via a specially crafted message, potentially terminating the ttmd.exe process.

Recommendations For Trading Technologies Messaging version 7.1.28.3, consider restricting access to the default TCP RequestPort 10200 to minimize the risk of exploitation. As a temporary workaround, monitor the ttmd.exe process for unexpected terminations and restart it as necessary until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-20

Related Identifiers

CVE-2020-5778

Affected Products

Trading Technologies Messaging

PT-2020-18699 · Trading Technologies · Trading Technologies Messaging

CVE-2020-5778

Weakness Enumeration

Related Identifiers

Affected Products

References · 3