
New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices

Published: 2020-12-23 06:51:00
Source: The Hacker News (thehackernews.com)

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks.

The four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel. Two of these are rated critical in severity.

Treck’s embedded TCP/IP stack is deployed worldwide in manufacturing, information technology, healthcare, and transportation systems.

The most severe of them is a heap-based buffer overflow vulnerability (CVE-2020-25066) in the Treck HTTP Server component that could permit an adversary to crash or reset the target device and even execute remote code. It has a CVSS score of 9.8 out of a maximum of 10.

The second flaw is an out-of-bounds write in the IPv6 component (CVE-2020-27337, CVSS score 9.1) that could be exploited by an unauthenticated user to cause a DoS condition via network access.

Two other vulnerabilities concern an out-of-bounds read in the IPv6 component (CVE-2020-27338, CVSS score 5.9) that could be leveraged by an unauthenticated attacker to cause DoS and an improper input validation in the same module (CVE-2020-27336, CVSS score 3.7) that could result in an out-of-bounds read of up to three bytes via network access.

Treck recommends that users update the stack to version 6.0.1.68 to address the flaws. Where the latest patches cannot be applied, the advice is to implement firewall rules that filter out packets containing a negative content-length in the HTTP header.
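The filtering mitigation above, as an added example (not code from Treck, CISA or the original article): a check that an inspecting proxy or IDS hook could run on the head of each HTTP request bound for an unpatched device. The function names and sample requests are constructed for illustration, and dropping malformed or conflicting values as well is an assumption that goes beyond the negative-value case the advisory names.

```python
import re

# Header names are case-insensitive; optional whitespace may surround the value.
_CL = re.compile(rb"content-length[ \t]*:[ \t]*(.*?)[ \t]*", re.IGNORECASE)
DROP = {"negative", "malformed", "conflicting"}

def content_length_verdict(payload: bytes) -> str:
    """Classify Content-Length in a raw HTTP request head.

    Returns "absent", "ok", "negative", "malformed" or "conflicting".
    """
    # Accept CRLF and bare-LF line endings so odd framing cannot hide a header.
    head = re.split(rb"\r?\n\r?\n", payload, maxsplit=1)[0]
    values = []
    for line in head.splitlines()[1:]:        # skip the request line
        m = _CL.fullmatch(line)
        if m:
            values.append(m.group(1))
    if not values:
        return "absent"
    # A negative value anywhere wins: the device may honour either duplicate.
    if any(re.fullmatch(rb"-[ \t]*\d+", v) for v in values):
        return "negative"
    if not all(re.fullmatch(rb"\d+", v) for v in values):
        return "malformed"
    if len({int(v) for v in values}) > 1:
        return "conflicting"
    return "ok"

def should_drop(payload: bytes) -> bool:
    """True when the request should be filtered before it reaches the device."""
    return content_length_verdict(payload) in DROP

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"POST /cfg HTTP/1.1\r\nHost: device.example\r\n"
              b"Content-Length: 4\r\n\r\nabcd",
    "negative": b"POST /cfg HTTP/1.1\r\nHost: device.example\r\n"
                b"content-length:  -1\r\n\r\n",
    "duplicate_negative": b"POST /cfg HTTP/1.1\r\nContent-Length: 4\r\n"
                          b"Content-Length: -1\r\n\r\nabcd",
    "conflicting": b"POST /cfg HTTP/1.1\r\nContent-Length: 4\r\n"
                   b"Content-Length: 10\r\n\r\nabcd",
    "no_body": b"GET /status HTTP/1.1\r\nHost: device.example\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20s} {content_length_verdict(raw):12s} drop={should_drop(raw)}")
```

The check only sees what is in the bytes it is given, so it belongs on a device that reassembles the TCP stream (a reverse proxy or an IDS with HTTP parsing), not on a per-packet filter.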

The disclosure of new flaws in Treck TCP/IP stack comes six months after Israeli cybersecurity company JSOF uncovered 19 vulnerabilities in the software library — dubbed Ripple20 — that could make it possible for attackers to gain complete control over targeted IoT devices without requiring any user interaction.

What’s more, earlier this month, Forescout researchers revealed 33 vulnerabilities — collectively called AMNESIA:33 — impacting open-source TCP/IP protocol stacks that could be abused by a bad actor to take over a vulnerable system.

Given the complex IoT supply chain involved, Forescout has released a new detection tool called “project-memoria-detector” to identify whether a target network device runs a vulnerable TCP/IP stack in a lab setting.

You can access the tool via GitHub here.

