Executive Summary
Summary | |
---|---|
Title | Treck IP stacks contain multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | VU#257161 | First vendor Publication | 2020-06-16 |
Vendor | VU-CERT | Last vendor Modification | 2020-10-08 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 10 | ||
Base Score | 10 | Environmental Score | 10 |
Impact SubScore | 6 | Temporal Score | 10 |
Exploitability Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Changed | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Overview
Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20.
Description
Treck IP network stack software is designed for and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source, licensed for modification and reuse, and as a dynamically or statically linked library. Treck IP software contains multiple vulnerabilities, most of which are caused by memory management bugs. For more details on the vulnerabilities introduced by these bugs, see Treck's Vulnerability Response Information and JSOF's Ripple20 advisory.
Historically related KASAGO TCP/IP middleware from Zuken Elmic (formerly Elmic Systems) is also affected by some of these vulnerabilities.
These vulnerabilities likely affect industrial control systems and medical devices. Please see ICS-CERT Advisory ICSA-20-168-01 for more information.
Impact
The impact of these vulnerabilities will vary due to the combination of build and runtime options used while developing different embedded systems. This diversity of implementations and the lack of supply chain visibility have exacerbated the problem of accurately assessing the impact of these vulnerabilities. In summary, a remote, unauthenticated attacker may be able to use specially crafted network packets to cause a denial of service, disclose information, or execute arbitrary code.
Solution
Apply updates
Update to the latest stable version of Treck IP stack software (6.0.1.67 or later). Please contact Treck at security@treck.com. Downstream users of embedded systems that incorporate Treck IP stacks should contact their embedded system vendor.
Block anomalous IP traffic
Consider blocking network attacks via deep packet inspection. In some cases, modern switches, routers, and firewalls will drop malformed packets with no additional configuration. It is recommended that such security features are not disabled. Below is a list of possible mitigations that can be applied as appropriate to your network environment.
Further recommendations are available here.
Detect anomalous IP traffic
Suricata IDS has built-in decoder-event rules that can be customized to detect attempts to exploit these vulnerabilities. See the rule below for an example. A larger set of selected vu-257161.rules are available from the CERT/CC Github repository.
Acknowledgements
Moshe Kol and Shlomi Oberman of JSOF https://jsof-tech.com researched and reported these vulnerabilities. Treck worked closely with us and other stakeholders to coordinate the disclosure of these vulnerabilities. This document was written by Vijay Sarvepalli.
Original Source
Url : https://kb.cert.org/vuls/id/257161 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
46 % | CWE-125 | Out-of-bounds Read |
15 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
8 % | CWE-191 | Integer Underflow (Wrap or Wraparound) |
8 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
4 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
4 % | CWE-416 | Use After Free |
4 % | CWE-415 | Double Free |
4 % | CWE-330 | Use of Insufficiently Random Values |
4 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
4 % | CWE-131 | Incorrect Calculation of Buffer Size (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2020-09-09 | Treck TCP/IP stack CNAME record heap overflow attempt RuleID : 54706 - Revision : 1 - Type : PROTOCOL-DNS |
2020-09-09 | Treck TCP/IP stack CNAME record heap overflow attempt RuleID : 54705 - Revision : 1 - Type : PROTOCOL-DNS |
2020-07-23 | Potentially suspicious fragmented IP in IP packet RuleID : 54383 - Revision : 2 - Type : POLICY-OTHER |
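The following is an added example, not code from the advisory, CERT/CC, or the Snort rule set: a small offline checker for the kind of traffic that the "fragmented IP in IP packet" entry above and the advisory's "Detect anomalous IP traffic" advice refer to. The function names, finding strings, and the constructed sample packets are assumptions made for illustration; it flags IPv4 fragments that carry IP-in-IP (protocol 4) and headers whose length fields disagree with the bytes actually present.

```python
import struct

IPPROTO_IPIP = 4  # IPv4 carried inside IPv4

def parse_ipv4(buf):
    """Parse one IPv4 header; return (fields, problems)."""
    if len(buf) < 20:
        return None, ["truncated: fewer than 20 header bytes"]
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", buf[:10])
    if ver_ihl >> 4 != 4:
        return None, ["not IPv4"]
    ihl = (ver_ihl & 0x0F) * 4
    problems = []
    if ihl < 20 or ihl > len(buf):
        problems.append("header length field out of range")
    if total_len < ihl or total_len > len(buf):
        problems.append("total length disagrees with bytes present")
    # Fragment if More Fragments (0x2000) is set or the 13-bit offset is non-zero.
    fragmented = bool(flags_frag & 0x3FFF)
    return {"ihl": ihl, "total_len": total_len, "proto": proto,
            "fragmented": fragmented}, problems

def inspect(buf):
    """Return findings for one captured IPv4 packet (empty list = nothing flagged)."""
    outer, findings = parse_ipv4(buf)
    if outer is None or findings:
        return findings
    if outer["proto"] == IPPROTO_IPIP:
        if outer["fragmented"]:
            findings.append("fragmented IP-in-IP packet")
        else:
            # Unfragmented tunnel: sanity-check the encapsulated header too.
            _, inner = parse_ipv4(buf[outer["ihl"]:outer["total_len"]])
            findings += ["inner header: " + p for p in inner]
    return findings

def build_ipv4(payload, proto, mf=False, total_len=None):
    """Constructed test packet: 20-byte header, documentation addresses, checksum left 0."""
    total = 20 + len(payload) if total_len is None else total_len
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0x2000 if mf else 0,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

if __name__ == "__main__":
    inner = build_ipv4(b"A" * 8, 17)
    for name, pkt in [("plain UDP", inner), ("tunnel", build_ipv4(inner, 4)),
                      ("fragmented tunnel", build_ipv4(inner[:16], 4, mf=True))]:
        print(name, inspect(pkt))
```

The checker does not validate the header checksum or reassemble fragments; it only reports on the single packet it is given.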