Amnesia 33 tcp ip stack analysis of open source infrastructure – bar chart Affected Components DNS TCP IPv6 IPv4 DHCP ARP IGMP mem allocator 2020-12

08.Dec.2020

Administration / Server, android, CyberSec / ITSec / Sicherheit / Security / SPAM, DNS / BIND / Name Resolving, General / Allgemein, HolyCow, InfoWars, networking

“In June of this year, “Ripple20” (not only) shook the Internet of things:

19 vulnerabilities in a TCP/IP Stack for Embedded devices made “hundreds of millions” devices vulnerable, according to their discoverers.

Now, Stack analysis by another team of researchers using Fuzzing, a variant of automated software testing, and static Code analysis have revealed 33 new vulnerabilities, three of which were rated critical.”

auto translated from https://www.heise.de/news/Amnesia-33-ein-Ripple20-Deja-vu-im-Open-Source-Gewand-4982063.html

https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/

CVE-2020-24336 (CVSS-Score 9.8/”Critical”, RCE, uIP)
CVE-2020-24338 (CVSS-Score 9.8/”Critical”, RCE, picoTP)
CVE-2020-25111 (CVSS-Score 9.8/”Critical”, RCE, Nut/Net)
CVE-2020-25112 (CVSS-Score 8.1/”High”, RCE, uIP)

what to do?

in order develops need to look at the vulnerabilities, fix them, and vendors need to provide automatic updates to all devices

Links:

src: https://www.heise.de/news/Amnesia-33-ein-Ripple20-Deja-vu-im-Open-Source-Gewand-4982063.html

src of src: https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/

admin