New DNS vulnerabilities have the potential to impact millions of devices

2021-04-13 04:30

Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK. These vulnerabilities affect four popular TCP/IP stacks - namely FreeBSD, IPnet, Nucleus NET and NetX - which are commonly present in well-known IT software and popular IoT/OT firmware and have the potential to impact millions of IoT devices around the world.

More than 180,000 devices in the U.S. and more than 36,000 devices in the UK are believed to be affected.

If exploited, bad actors can use them to take target devices offline or assume control of their operations.

"Complete protection against NAME:WRECK requires patching devices running the vulnerable versions of the IP stacks and so we encourage all organisations to make sure they have the most up to date patches for any devices running across these affected IP Stacks."

Servers or forwarders vulnerable to DNSpooq and similar vulnerabilities on the way between the target device and a more authoritative DNS server could be exploited to reply with malicious messages carrying a weaponized payload. After the initial access, the attacker can use the compromised entry point to set up an internal DHCP server and do a Lateral Movement by executing malicious code on vulnerable internal FreeBSD servers broadcasting DHCP requests.

"Unless urgent action is taken to adequately protect networks and the devices connected to them, it could be just be a matter of time until these vulnerabilities are exploited, potentially resulting in major government data hacks, manufacturer disruption or hotel guest safety and security," warns dos Santos.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/0FGTJK71p5I/

#DNS #vulnerabilities