Zero-day flaws in widespread TCP/IP library open millions of IoT devices to remote attack
2020-06-16 13:13

19 vulnerabilities - some of them allowing remote code execution - have been discovered in a TCP/IP stack/library used in hundreds of millions of IoT and OT devices deployed by organizations in a wide variety of industries and sectors.

"The library could be used as-is, configured for a wide range of uses, or incorporated into a larger library. The user could buy the library in source code format and edit it extensively. It can be incorporated into the code and implanted into a wide range of device types," the researchers explained.

"The original purchaser could decide to rebrand, or could be acquired by a different corporation, with the original library history lost in company archives. Over time, the original library component could become virtually unrecognizable. This is why, long after the original vulnerability was identified and patched, vulnerabilities may still remain in the field, since tracing the supply chain trail may be practically impossible."

The vulnerabilities were discovered by Moshe Kol and Shlomi Oberman from JSOF in the Treck TCP/IP library, and Zuken Elmic confirmed that some of them affect the Kasago library.

"Most of the vulnerabilities are true zero-days, with 4 of them having been closed over the years as part of routine code changes, but remained open in some of the affected devices. Many of the vulnerabilities have several variants due to the stack configurability and code changes over the years."
News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/GgIO4bR2EfE/