CVE-2020-5778 – An unauthenticated remote attacker can send a s... (How to Fix)

Q: What is the severity of CVE-2020-5778?

CVE-2020-5778 has a CVSS score of 7.5 (HIGH). An unauthenticated remote attacker can send a specially crafted type 8 message to Trading Technologies Messaging service on TCP port 10200, causing the ttmd.exe process to terminate. This affects Trading Technologies Messaging 7.1.28.3 installations with the default configuration. The vulnerability allows denial of service attacks against trading infrastructure.

📋 TL;DR

An unauthenticated remote attacker can send a specially crafted type 8 message to Trading Technologies Messaging service on TCP port 10200, causing the ttmd.exe process to terminate. This affects Trading Technologies Messaging 7.1.28.3 installations with the default configuration. The vulnerability allows denial of service attacks against trading infrastructure.

💻 Affected Systems

Products:

Trading Technologies Messaging

Versions: 7.1.28.3

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerable in default configuration with RequestPort 10200 listening. Affects ttmd.exe service component.

📦 What is this software?

Trading Technologies Messaging by Tradingtechnologies

View all CVEs affecting Trading Technologies Messaging →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of trading operations due to service termination, potentially causing financial losses during market hours.

🟠

Likely Case

Service disruption requiring manual restart of ttmd.exe, causing temporary trading interruptions.

🟢

If Mitigated

Minimal impact if service is behind firewalls with restricted access and has automated restart capabilities.

🌐 Internet-Facing: HIGH - Default configuration exposes vulnerable service on port 10200, allowing direct exploitation from internet.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit the vulnerability to disrupt trading operations.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit requires sending specially crafted type 8 message to port 10200. Tenable research provides technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.1.28.4 or later

Vendor Advisory: https://www.tradingtechnologies.com/

Restart Required: Yes

Instructions:

1. Contact Trading Technologies for updated version 2. Backup current configuration 3. Install patch 4. Restart ttmd.exe service 5. Verify service is running

🔧 Temporary Workarounds

Firewall Restriction

windows

Block access to TCP port 10200 from untrusted networks

netsh advfirewall firewall add rule name="Block TT Port 10200" dir=in action=block protocol=TCP localport=10200

Service Monitoring and Auto-restart

windows

Configure service to automatically restart if terminated

sc failure ttmd reset= 86400 actions= restart/5000

🧯 If You Can't Patch

Implement network segmentation to restrict access to port 10200 only to trusted trading systems
Deploy intrusion detection systems to monitor for exploitation attempts on port 10200

🔍 How to Verify

Check if Vulnerable:

Check if ttmd.exe version is 7.1.28.3 and listening on port 10200

Check Version:

wmic process where name="ttmd.exe" get caption,version

Verify Fix Applied:

Verify ttmd.exe version is 7.1.28.4 or later and service remains running after sending test packets

📡 Detection & Monitoring

Log Indicators:

Unexpected termination of ttmd.exe process
Error logs showing malformed type 8 messages

Network Indicators:

Multiple connection attempts to port 10200 from single source
Unusual traffic patterns to port 10200

SIEM Query:

source_port=10200 AND (event_type="process_termination" OR packet_size<100)

📊 Metadata

CVE ID: CVE-2020-5778

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

Published: September 2, 2020

Last Updated: November 21, 2024

🔗 References

https://www.tenable.com/security/research/tra-2020-52 Third Party Advisory
https://www.tenable.com/security/research/tra-2020-52 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-5778, you might also want to check these: