Security News > 2020 > December > 'AMNESIA:33' Vulnerabilities in TCP/IP Stacks Expose Millions of Devices to Attacks
Millions of connected devices from over 150 vendors are affected by tens of vulnerabilities found in open source TCP/IP stacks, enterprise IoT security company Forescout revealed this week.
The Ripple20 flaws disclosed earlier this year and the URGENT/11 bugs made public in 2019 were revealed to render millions of devices vulnerable to remote attacks.
Attackers able to exploit these vulnerabilities could take full control of affected devices and then abuse them to move laterally within the environment, or to maintain persistent access to the target network.
Because components running the vulnerable stacks can be found on a variety of systems, including MCUs, SoCs, connectivity modules, OEM boards, consumer IoT, networking and office equipment, access control devices, IP cameras, and more, the impact of AMNESIA:33 flaws is broad, especially since the affected stacks are open source and not owned by a single company.
"The risk is that these vulnerabilities can spread easily and silently across multiple codebases, development teams, companies and products since these stacks form the basis of other software, operating systems, SoCs, embedded modules and development boards used to create a multitude of devices," Forescout points out.