CVE-2020-14936

9.8 CRITICAL

📋 TL;DR

A critical buffer overflow vulnerability in Contiki-NG's SNMP agent allows remote attackers to overwrite memory regions beyond allocated buffers by sending crafted SNMP requests. This affects IoT devices running Contiki-NG 4.4 through 4.5 with SNMP enabled, potentially enabling remote code execution or device compromise.

💻 Affected Systems

Products:
  • Contiki-NG
Versions: 4.4 through 4.5
Operating Systems: Contiki-NG (IoT embedded OS)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with SNMP agent enabled. Many IoT devices use SNMP for monitoring by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote unauthenticated attacker gains full control of IoT device, executes arbitrary code, pivots to internal networks, or bricks devices permanently.

🟠 Likely Case

Remote attacker crashes SNMP service causing denial of service, or gains limited code execution to compromise device functionality.

🟢 If Mitigated

With SNMP disabled or network segmentation in place, impact is limited to denial of service if the SNMP service crashes.

🌐 Internet-Facing: HIGH - SNMP is often exposed on IoT devices for management, and exploit requires no authentication.
🏢 Internal Only: HIGH - Even internally, SNMP is commonly used for device monitoring and management.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept details are available in the GitHub issue. Crafting malicious SNMP packets requires an understanding of the SNMP protocol, but tools exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contiki-NG 4.6 and later

Vendor Advisory: https://github.com/contiki-ng/contiki-ng/issues/1351

Restart Required: Yes

Instructions:

1. Update Contiki-NG to version 4.6 or later.
2. Recompile and redeploy firmware to affected IoT devices.
3. Restart devices to apply new firmware.

🔧 Temporary Workarounds

Disable SNMP Agent (platform: all)

Disable SNMP functionality if not required for device operation.

Modify the Contiki-NG configuration to disable the SNMP agent during compilation.

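Network Segmentation (platform: linux)

Restrict SNMP access to trusted management networks only. In the rules below, TRUSTED_NETWORK is a placeholder for the management subnet. The INPUT chain only filters traffic addressed to the Linux host itself; on a gateway that forwards traffic to the devices, the equivalent rules belong in the FORWARD chain.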

iptables -A INPUT -p udp --dport 161 -s TRUSTED_NETWORK -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j DROP

🧯 If You Can't Patch

  • Disable SNMP agent completely in device configuration
  • Implement strict network ACLs to block all SNMP traffic (UDP port 161) to affected devices

🔍 How to Verify

Check if Vulnerable:

Check the Contiki-NG version: if it is 4.4 through 4.5 and SNMP is enabled, the device is vulnerable.

Check Version:

Check firmware version or Contiki-NG build configuration for version number

Verify Fix Applied:

Verify Contiki-NG version is 4.6 or later and SNMP functions properly without crashes.

📡 Detection & Monitoring

Log Indicators:

  • SNMP service crashes
  • Memory corruption errors in system logs
  • Unusual SNMP request patterns

Network Indicators:

  • Malformed SNMP packets to UDP port 161
  • SNMP requests with unusually long OIDs
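
The two network indicators above can be checked per datagram. The following Python is an added example, not code from Contiki-NG or from the advisory: it walks the BER structure of a UDP/161 payload and reports lengths that overrun their container and OIDs with many arcs. The 32-arc threshold, the function names and the sample datagrams are assumptions constructed for illustration.

```python
# Added example, not Contiki-NG code. MAX_OID_ARCS is an assumed threshold to tune.
MAX_OID_ARCS = 32

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) for the TLV at pos, bounded by end."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("length exceeds enclosing element")
    return tag, pos, pos + length

def inspect_snmp(datagram):
    """Return findings for one UDP/161 payload; an empty list means clean."""
    findings = []
    def walk(pos, end):
        while pos < end:
            tag, start, stop = read_tlv(datagram, pos, end)
            if tag == 0x06:  # OBJECT IDENTIFIER: first byte packs two arcs
                arcs = 1 + sum(1 for b in datagram[start:stop] if not b & 0x80)
                if arcs > MAX_OID_ARCS:
                    findings.append(f"long OID: {arcs} arcs")
            elif tag & 0x20:  # constructed (SEQUENCE or SNMP PDU): descend
                walk(start, stop)
            pos = stop
    try:
        walk(0, len(datagram))
    except ValueError as exc:
        findings.append(f"malformed BER: {exc}")
    return findings

def tlv(tag, body=b""):
    """Build a short-form TLV (body under 128 bytes) for the constructed samples."""
    return bytes([tag, len(body)]) + body

def sample_get(oid_body):
    """Constructed SNMPv2c GetRequest with one varbind; not captured traffic."""
    varbind = tlv(0x30, tlv(0x06, oid_body) + tlv(0x05))
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"public") + pdu)
```

Feed `inspect_snmp` the UDP payload bytes from a capture or sensor; any non-empty result is worth correlating with the log indicators listed above.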

SIEM Query:

destination_port=161 AND (packet_size>1500 OR pattern_match("malformed_oid_pattern"))
