New vulnerability in Treck TCP/IP Stack affects millions of IoT devices

The US Cybersecurity and Infrastructure Security Agency (CISA) warned that a low-level TCP/IP software library developed by Treck has serious vulnerabilities that allow remote attackers to run arbitrary commands and launch denial of service (DoS) attacks.

These four vulnerabilities affect Treck TCP/IP Stack 6.0.1.67 and earlier versions, and two of them are critical.

Treck's embedded TCP/IP Stack is deployed in global manufacturing, information technology, healthcare, and transportation systems.

The most serious of these is a heap-based buffer overflow vulnerability (CVE-2020-25066) in the Treck HTTP server component, which allows an attacker to reset or crash the target device, or even execute remote code. Its CVSS score is 9.8 points (maximum 10 points).

The second vulnerability is an out-of-bounds write in the IPv6 component (CVE-2020-27337, CVSS score 9.1). Unauthenticated users can use this vulnerability to cause DoS through network access.

The other two vulnerabilities are an out-of-bounds read in the IPv6 component (CVE-2020-27338, CVSS score 5.9), which unauthenticated attackers may use to cause DoS, and an input validation error (CVE-2020-27336, CVSS score 3.7) in the same module, which can cause an out-of-bounds read of up to three bytes through network access.

Treck recommends that users update to version 6.0.1.68. When the latest patch cannot be applied, it is recommended to use a firewall to filter out packets with negative content length in the HTTP header.
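The firewall mitigation above comes down to inspecting the HTTP header block for a negative Content-Length before the request reaches the device. A sketch of that check in Python follows; it is an added example, not Treck's or CISA's code, and the function name, verdict strings and sample requests are constructed. It also rejects malformed and conflicting values, which goes beyond the wording of the recommendation.

```python
import re

# Header field names are case-insensitive. Whitespace before the colon is
# tolerated on purpose: a filter must be at least as lenient as the parser
# it protects (assumption: the embedded server's parsing rules are unknown).
_CL = re.compile(rb"^content-length[ \t]*:(.*)$", re.IGNORECASE)


def content_length_verdict(raw: bytes) -> str:
    """Classify one HTTP request: 'ok', 'missing', or a 'drop: ...' reason."""
    # Only the header block counts; body bytes must never be parsed as headers.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = re.split(rb"\r?\n", head)[1:]  # skip the request line
    values = []
    for line in lines:
        m = _CL.match(line)
        if m:
            # One header line may carry a comma-separated list of values.
            values += [v.strip() for v in m.group(1).split(b",")]
    if not values:
        return "missing"
    for v in values:
        if v.startswith(b"-"):
            return "drop: negative Content-Length"
        if not v.isdigit():
            return "drop: malformed Content-Length"
    if len({int(v) for v in values}) > 1:
        return "drop: conflicting Content-Length"
    return "ok"


if __name__ == "__main__":
    # Constructed sample requests (not captured traffic).
    samples = [
        b"POST /cfg HTTP/1.1\r\nHost: device.example\r\nContent-Length: 5\r\n\r\nhello",
        b"POST /cfg HTTP/1.1\r\nHost: device.example\r\ncontent-length:  -1\r\n\r\n",
        b"POST /cfg HTTP/1.1\r\nContent-Length: 5\r\nContent-Length: 7\r\n\r\nhello",
        b"GET / HTTP/1.1\r\nHost: device.example\r\n\r\n",
    ]
    for s in samples:
        print(content_length_verdict(s))
```

In a reverse proxy or inline inspection hook, any verdict starting with `drop:` would be the signal to reject the request and log the source address.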

Six months before the new vulnerabilities in the Treck TCP/IP Stack, the Israeli cyber security company JSOF discovered 19 vulnerabilities in the software library, named Ripple20, which may allow attackers to gain full control of the target IoT device without any user interaction.

In addition, earlier this month, Forescout researchers discovered 33 vulnerabilities, collectively referred to as "AMNESIA:33". These vulnerabilities may lead to the abuse of TCP/IP Stack, allowing attackers to control vulnerable systems.

Considering the complex IoT supply chain, the company released a new detection tool called "project-memoria-detector" to determine whether the target network device is running the vulnerable TCP/IP Stack in a laboratory environment.

The tool can be accessed through GitHub.

Origin www.oschina.net/news/124731/treck-tcp-ip-stack-vulnerability