Vulnerability Spotlight: Authentication bypass, use-after-free vulnerabilities found in a library for the µC/OS open-source operating system

Kelly Leuschner of Cisco Talos discovered these vulnerabilities.

Cisco Talos recently discovered two vulnerabilities in a library for µC/OS, an open-source operating system developed by Micrium.

µC/OS is an embedded operating system that supports TCP/IP, USB, CAN bus and Modbus. The two vulnerabilities Talos discovered specifically exist in the operating system's FTP server.

TALOS-2022-1680 (CVE-2022-41985) could allow an attacker to bypass the authentication protocol on the operating system, or cause a denial-of-service, by sending the targeted machine a specially crafted set of network packets.

Similarly, TALOS-2022-1681 (CVE-2022-46377 - CVE-2022-46378) is also triggered by a set of network packets, though in this case, it can cause a denial-of-service and a use-after-free condition.

Cisco Talos worked with Weston Embedded, who maintains this software, to ensure these vulnerabilities are resolved and an update is available for affected customers, all in adherence to Cisco's vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: Weston Embedded uC-FTPs, version 1.98.00. Talos tested and confirmed this version of the OS could be exploited by these vulnerabilities.

The following Snort rules will detect exploitation attempts against these vulnerabilities: 125:4. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.