Serious Vulnerabilities Discovered in Treck TCP/IP Stack Impacting Millions of IoT Devices

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about significant vulnerabilities in a low-level TCP/IP software library developed by Treck. If exploited, these vulnerabilities could allow remote attackers to execute arbitrary commands and carry out denial-of-service (DoS) attacks. The flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to Treck by Intel. Two of them are classified as critical. Treck’s embedded TCP/IP stack is widely used across sectors including manufacturing, information technology, healthcare, and transportation.

The most severe vulnerability is a heap-based buffer overflow (CVE-2020-25066) in the Treck HTTP Server component, rated CVSS 9.8 out of 10; it may allow an attacker to crash or reset the target device and potentially execute code remotely. The second flaw, an out-of-bounds write in the IPv6 component (CVE-2020-27337), is also serious, with a CVSS score of 9.1.

New Vulnerabilities in Treck TCP/IP Stack Threaten Millions of IoT Devices

On December 23, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about multiple critical vulnerabilities in Treck’s TCP/IP software library. These vulnerabilities pose a significant risk to Internet of Things (IoT) devices worldwide, potentially allowing remote attackers to execute arbitrary commands and carry out denial-of-service (DoS) attacks. The flaws affect version 6.0.1.67 and earlier of the Treck TCP/IP stack, which is widely used in sectors such as manufacturing, information technology, healthcare, and transportation.

Reported by Intel, the findings comprise four vulnerabilities, two of which are rated critical. The most alarming is a heap-based buffer overflow (CVE-2020-25066) in the Treck HTTP Server component. It carries a CVSS score of 9.8. An attacker exploiting it could crash or reset the affected device, or potentially execute code on it remotely, causing severe operational disruption.

The second significant flaw is an out-of-bounds write in the IPv6 component (CVE-2020-27337), with a CVSS score of 9.1. It can be triggered by an unauthorized user, further underscoring the risk that the affected Treck TCP/IP stack versions pose.

These vulnerabilities affect millions of devices worldwide, making them attractive targets for adversaries. As industries increasingly rely on interconnected devices, the impact of such flaws extends beyond individual organizations to the broader systems and infrastructure they are part of. Successful exploitation could give adversaries initial access to a network, a path to privilege escalation, and a foothold for persistence, in the terms of the MITRE ATT&CK framework.

This situation highlights a growing concern within the realm of cybersecurity, particularly for businesses that depend on the seamless operation of IoT devices. As the interconnected nature of these devices continues to evolve, so too do the threats associated with them. Companies must prioritize the assessment of their systems for potential vulnerabilities and implement necessary mitigations to safeguard sensitive data and operational integrity.

Given the severity of these findings, organizations using the Treck TCP/IP stack should act promptly to identify affected devices and update them. Proactive measures, including thorough vulnerability assessments and continuous monitoring, are essential for addressing these threats. The evolving threat landscape requires ongoing vigilance and a commitment to security best practices from every organization involved.

As the ramifications of these vulnerabilities unfold, industry stakeholders are urged to stay informed and prepared. In a digital landscape where devices are increasingly under siege, ensuring robust security protocols is imperative for maintaining operational continuity and protecting valuable assets.
