Security News > 2020 > December > ‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices
2020-12-08 11:00

The name "Amnesia:33" refers to the fact that most of the flaws stem from memory corruption - coupled with the fact that there are 33 flaws.

While researchers did not specify which vendors and specific devices were affected by the set of vulnerabilities, they said at least 150 vendors were affected.

The flaws are found in four TCP/IP stacks, which are a set of communication protocols used by internet-connected devices.

While four TCP/IP stacks were affected, researchers warn that several of these stacks have branched out or are used in multiple code bases, posing further patch management difficulties.

In terms of mitigation, researchers recommend various coursees of action in protecting networks from the Amnesia:33 TCP/IP flaws, including disabling or blocking IPv6 traffic when it's not necessary; configuring devices to rely on internal DNS servers as much as possible; and monitoring all network traffic for malformed packets that try to exploit known flaws.


News URL

https://threatpost.com/amnesia33-tcp-ip-flaws-iot-devices/161928/