
Vulnerabilities in open source TCP/IP could affect millions of devices, Forescout researchers say


Thirty-three vulnerabilities in four open-source TCP/IP stacks may affect the security of millions of internet-connected devices from 150 manufacturers, according to researchers from Forescout. The report means IT administrators have to be on the lookout for security updates from vendors who use open source stacks.

In a report issued Monday, the company said the vulnerabilities, collectively dubbed Amnesia:33, affect the uIP, PicoTCP, FNET, and Nut/Net stacks and could allow remote code execution (RCE), denial of service (DoS via crash or infinite loop), information leak (infoleak) and DNS cache poisoning.

Within those stacks seven different components (DNS, IPv6, IPv4, TCP, ICMP, LLMNR and mDNS) are affected. Two vulnerabilities only affect 6LoWPAN wireless devices.

With remote code execution an attacker could take control of an internet-connected device and use it as a pivot point for lateral movement, as a persistence point on the target network or as the final target of an attack, the report points out.

“For enterprise organizations, this means they are at increased risk of having their network compromised or having malicious actors undermining their business continuity. For consumers, this means that their IoT devices may be used as part of large attack campaigns, such as botnets, without them being aware,” Forescout said. “It is difficult to assess the full impact of Amnesia:33 because the vulnerable stacks are widely spread (across diverse IoT, OT and IT devices in different verticals), highly modular (with several combinations of enabled features and settings) and often incorporated in embedded components, such as systems-on-a-chip (SoCs), that are later used by device manufacturers. For the same reasons, these vulnerabilities tend to be very hard to eradicate.”

The report suggests a huge range of products could be affected, including environmental sensors (e.g., temperature, humidity), smart lights, smart plugs, barcode readers, specialized printers, and audio systems for retail; industrial control systems (including RTUs, protocol gateways and serial-to-Ethernet gateways); and IT equipment (printers, switches and wireless access points).

Forescout has shared its findings with co-ordinating agencies (such as the ICS-CERT and the CERT/CC), which have contacted the identified vendors. Some have already confirmed the vulnerabilities and issued their patches, the report says, but several are still investigating.

This isn’t the first group of weaknesses found in TCP/IP stacks recently, the report notes. Other studies have resulted in the discoveries of the Ripple20 vulnerabilities in the Treck TCP/IP stack, which affected millions of devices, and the Bad Neighbor vulnerability in the ICMPv6 component of the Windows TCP/IP stack.

Forescout urges CIOs/CISOs to:
