On Tuesday, an Israel-based cybersecurity company warned that millions of IoT devices worldwide are likely exposed to remote attacks because of serious security flaws affecting the Treck TCP/IP stack.
Treck TCP/IP is a high-profile TCP/IP protocol suite designed specifically for embedded systems. JSOF researchers have revealed that the product is affected by as many as 19 flaws, which they collectively track as Ripple20.
The flaws rated critical and high-severity can be exploited for remote code execution, denial-of-service (DoS) attacks, and obtaining potentially important information. Exploitation involves sending specially crafted IP packets or DNS requests to the targets, and in some cases it may be possible to launch attacks directly from the internet.
“Ripple20 vulnerabilities are unique both in their widespread effect and impact due to supply chain effect and being vulnerabilities allowing attackers to bypass NAT and firewalls and take control of devices undetected, with no user interaction required,” JSOF said in a report describing Ripple20. “This is due to the vulnerabilities’ being in a low level TCP/IP stack, and the fact that for many of the vulnerabilities, the packets sent are very similar to valid packets, or, in some cases are completely valid packets. This enables the attack to pass as legitimate traffic.”
The vulnerable library has been used in devices made by hundreds of organizations. According to JSOF, exploitation of the vulnerabilities can allow an attacker to maintain access to a network, cause financial damage, cause disruption, or take control of devices.
It’s important to note that researchers have confirmed the presence of the vulnerabilities in the products of only a few companies, such as B. Braun, Baxter, Caterpillar, HP, Intel, Schneider, Sandia National Labs, Rockwell, and HCL Technologies.
JSOF says it has been working with numerous organizations to coordinate the disclosure of the vulnerabilities and remediation efforts, including CERT/CC, CISA, the FDA, national CERTs, affected vendors, and other cybersecurity companies.