Researchers find 19 vulnerabilities in TCP/IP library of many IoT devices

Security researchers have discovered multiple vulnerabilities in a common TCP/IP stack implemented in many IoT devices. One of the vulnerabilities can be used for remote code execution, among other things.

The findings concern a collection of 19 vulnerabilities in a specific TCP/IP implementation from an American software company called Treck. The company's library is used in many different IoT devices, many of which are industrial equipment. The vulnerabilities were discovered by Israeli security firm JSOF. JSOF itself mentions electricity networks, medical equipment, and equipment in the transport sector and aviation, although it does not give concrete examples.

The researchers call the collection of vulnerabilities Ripple20. That name was chosen because the researchers believe that the vulnerabilities will have a ‘ripple’ effect for IoT devices throughout 2020.

Of the 19 vulnerabilities, two have been rated 10 on a severity scale. These are CVE-2020-11896 and CVE-2020-11897. The first is a vulnerability that allows remote code execution on a device. This can be done by sending malicious TCP/IP packets through an IPv4 tunnel. This is only possible with devices that run a certain Treck configuration. The second vulnerability works the same way, but only with IPv6 packets.

Another serious vulnerability is CVE-2020-11901, which also allows remote code execution, in this case via a DNS request. There are also vulnerabilities that allow data to be read, and a use-after-free vulnerability.

JSOF says Ripple20 probably doesn't contain all vulnerabilities in Treck's TCP/IP library. The researchers also say that not all vulnerable devices have been found online yet. JSOF says it has warned as many manufacturers as possible about the vulnerabilities, but that many devices are likely still vulnerable without anyone knowing.

The security company worked with Treck on the release. Treck now has patches available for all 19 vulnerabilities. However, manufacturers still have to implement these themselves.