Executive Summary
Summary | |
---|---|
Title | NicheStack embedded TCP/IP has vulnerabilities |
Informations | |||
---|---|---|---|
Name | VU#608209 | First vendor Publication | 2021-08-10 |
Vendor | VU-CERT | Last vendor Modification | 2021-08-10 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.8 | ||
Base Score | 9.8 | Environmental Score | 9.8 |
impact SubScore | 5.9 | Temporal Score | 9.8 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
OverviewHCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT" DescriptionHCC Embedded acquired NicheStack from Interniche in order to provide TCP/IP protocol capabilities to lightweight devices such as IoT. NicheStack has been made available since late 1990's to a widely varied customer base in multiple forms to support various implementations. This has made NicheStack to be part of a complex supply chain into major industries including devices in critical infrastructure. Forescout and JFrog researchers have identified 14 vulnerabilities related to network packet processing errors in NicheStack and NicheLite versions 4.3 released before 2021-05-28. Most of these vulnerabilities stem from improper memory management commonly seen in lightweight operating systems. Of these 14 vulnerabilities, five involve processing of TCP and ICMP (OSI Layer-4 protocols) and the rest involve common application protocols such as HTTP and DNS (OSI Layer-7). The processing of these OSI layers involve a number of boundary checks and some specific "application" processing capabilities (such as randomization) commonly overlooked in development of lightweight networking software. Various stakeholders, including HCC Embedded, have made attempts to reach impacted vendors to provide software fixes that address these issues. A lack of formalization of software OEM relationships and a lack of Software Bill of Materials (SBOM) has complicated this outreach and the much-needed identification of impacted devices. ImpactThe impact of exploiting these vulnerabilities will vary widely, depending on the implementation options used while developing embedded systems that use NicheStack or NicheLite. As these vulnerabilities involve processing of network packets, attackers can generally abuse these errors via remote network access. In summary, a remote, unauthenticated attacker may be able to use specially-crafted network packets to cause a denial of service, disclose information, or in some cases be able to execute arbitrary code on the target device. SolutionApply updatesThe most reliable way to address these vulnerabilities is to update to the latest stable version of NicheStack software mentioned in HCC Embedded mentioned in their Security Advisories. If you are unsure or have discovered NicheStack using open-source tools provided by Forescout, reach out to HCC Embedded via their PSIRT security team or to your upstream vendor in your supply chain to obtain the software fixes. HCC has also provided a register to be notified web page for sustaining this outreach for their long-standing customers. Block anomalous IP trafficCERT/CC recognizes that many implementations of NicheStack involve longer lifecycles for patching. In the meantime, if feasible, organizations can consider isolating impacted devices and blocking network attacks using network inspection, as detailed below, when network isolation is not feasible. It is recommended that security features available to you in devices such as router, firewalls for blocking anomalous network packets are enabled and properly configured. Below is a list of possible mitigations that address some specific network attacks that attempt to exploit these vulnerabilities.
When blocking or isolating is not an option, perform passive inspection using IDS that can alert on anomalous attempts to exploit these vulnerabilities. See also our recommendations and IDS rules that were made available for Treck TCP/IP stack related vulnerabilities VU#257161 for examples. AcknowledgementsThanks to Amine Amri, Stanislav Dashevskyi, and Daniel dos Santos from Forescout, and Asaf Karas and Shachar Menashe from JFrog who reported these vulnerabilities and supported coordinated disclosure. HCC Embedded, the primary OEM vendor, also supported our efforts to coordinate and develop security fixes to address these issues. This document was written by Vijay Sarvepalli. |
Original Source
Url : https://kb.cert.org/vuls/id/608209 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-125 | Out-of-bounds Read |
25 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
17 % | CWE-330 | Use of Insufficiently Random Values |
17 % | CWE-20 | Improper Input Validation |
8 % | CWE-331 | Insufficient Entropy |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 2 | |
Application | 1 | |
Application | 1 |
Alert History
Date | Informations |
---|---|
2021-09-23 17:29:14 |
|
2021-09-23 17:17:40 |
|
2021-08-26 09:28:47 |
|
2021-08-10 21:17:57 |
|