Dubbed “Ripple20,” the set of 19 vulnerabilities resides in a software library developed by Treck, a small Cincinnati-based company. The risk is that, if weaponised, the flaws could let remote attackers gain control of targeted devices without any user interaction.

The library, which implements a lightweight TCP/IP stack, is believed to have existed since 1997. Over the years, many companies have used it to connect their devices to the internet. Some companies are unaware that they ship this code at all, because the name of the vulnerable library doesn't appear in their code manifests.

According to JSOF, the Israel-based cyber consultancy firm that discovered these flaws, affected products include smart home devices, power grid equipment, healthcare systems, industrial gear, transportation systems, printers, routers, mobile/satellite communications equipment, data centre devices, commercial aircraft devices, various enterprise solutions and many others.

“One of the vulnerabilities could enable entry from outside into the network boundaries; this is only a small taste of the potential risks,” the researcher says.

There are four critical vulnerabilities in Treck TCP/IP, with CVSSv3 scores of 10 and 9.8. The other 15 vulnerabilities have CVSS scores ranging from 3.1 to 8.2, with effects ranging from denial of service to potential remote code execution.

The four critical vulnerabilities are:

  • CVE-2020-11896 - CVSSv3 score: 10 - Improper handling of length parameter inconsistency in IPv4/UDP component when handling a packet sent by an unauthorised network attacker. This vulnerability may result in remote code execution.
  • CVE-2020-11896 - CVSSv3 score: 10 - Improper handling of length parameter inconsistency in IPv6 component when handling a packet sent by an unauthorised network attacker. This vulnerability may result in exposure of sensitive information.
  • CVE-2020-11898 - CVSSv3 score: 9.8 - Improper handling of length parameter inconsistency in IPv4/ICMPv4 component when handling a packet sent by an unauthorised network attacker. This vulnerability may result in the exposure of sensitive information.
  • CVE-2020-11899 - CVSSv3 score: 9.8 - Improper handling of length parameter inconsistency in IPv6 component when handling a packet sent by an unauthorised network attacker. This vulnerability may result in the exposure of sensitive information.
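
The length-consistency check that this class of bug calls for, sketched for an unfragmented IPv4/UDP datagram as an added example. It is not Treck's code and is not taken from the JSOF research; the function names, result codes and sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for the hypothetical validator below. */
enum len_check { LEN_OK = 0, LEN_TRUNCATED, LEN_BAD_IHL, LEN_BAD_TOTAL,
                 LEN_NOT_UDP, LEN_FRAGMENT, LEN_BAD_UDP };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Check every length field of an IPv4/UDP datagram against the number of
 * bytes actually received (cap_len) before any payload is touched.
 * On LEN_OK, *payload and *payload_len describe the UDP payload.
 */
enum len_check check_ipv4_udp(const uint8_t *pkt, size_t cap_len,
                              const uint8_t **payload, size_t *payload_len)
{
    if (cap_len < 20) return LEN_TRUNCATED;        /* minimum IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;      /* header length in bytes */
    if ((pkt[0] >> 4) != 4 || ihl < 20 || ihl > cap_len) return LEN_BAD_IHL;

    size_t total = be16(pkt + 2);                  /* IPv4 Total Length field */
    /* The header's claim must fit inside what was really received. */
    if (total < ihl || total > cap_len) return LEN_BAD_TOTAL;

    if (pkt[9] != 17) return LEN_NOT_UDP;          /* protocol 17 = UDP */
    /* MF flag or non-zero offset: lengths must be re-checked after reassembly. */
    if (be16(pkt + 6) & 0x3FFF) return LEN_FRAGMENT;

    size_t ip_payload = total - ihl;
    if (ip_payload < 8) return LEN_BAD_UDP;        /* UDP header is 8 bytes */
    size_t udp_len = be16(pkt + ihl + 4);          /* UDP Length field */
    /* Strict policy: the UDP length must agree with the IP payload length. */
    if (udp_len < 8 || udp_len != ip_payload) return LEN_BAD_UDP;

    *payload = pkt + ihl + 8;
    *payload_len = udp_len - 8;
    return LEN_OK;
}

/* Constructed sample: 20-byte IPv4 header + 8-byte UDP header + 4 payload bytes. */
size_t make_sample(uint8_t *buf, uint16_t ip_total, uint16_t udp_len)
{
    static const uint8_t tmpl[32] = { 0x45, 0, 0, 0, 0, 0, 0, 0, 64, 17 };
    for (size_t i = 0; i < 32; i++) buf[i] = tmpl[i];
    buf[2] = (uint8_t)(ip_total >> 8);  buf[3] = (uint8_t)(ip_total & 0xFF);
    buf[24] = (uint8_t)(udp_len >> 8);  buf[25] = (uint8_t)(udp_len & 0xFF);
    return 32;                                     /* bytes actually "received" */
}
```

A datagram whose IP Total Length or UDP Length disagrees with the received byte count is rejected before any copy, which is the property a length-inconsistency bug lacks.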

“These four vulnerabilities, when weaponised, could allow attackers to easily take over smart devices or any industrial or healthcare equipment. Attacks are possible through the internet if the devices are connected online, or from local networks, if the attacker gains a foothold on an internal network (for example, via a compromised router),” reported ZDNet.

Patches for Ripple20 would not arrive soon, either because of Covid-19 related delays, because some products have gone end-of-life, or because vendors have shut down their operations. Researchers and ICS-CERT have recommended that consumers and organisations:

  • Minimise network exposure for all control system devices and/or systems, and ensure that they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from the business network.
  • Use virtual private networks to securely connect devices to cloud-based services over the internet.

Treck has patched most of the flaws with the release of TCP/IP stack version 6.0.1.67 or higher.

The researchers have published a proof-of-concept video of the exploitation of these vulnerabilities.

https://www.youtube.com/watch?v=jkfNE_Twa1s&feature=emb_logo
