Intel researchers have discovered four security vulnerabilities in the (closed-source) TCP/IP stack from Treck, the same stack that was affected in June of this year by the 19-vulnerability collection "Ripple20". Two of the newly discovered flaws are rated critical: remote, unauthenticated attackers could abuse them to take vulnerable systems down through a denial-of-service attack or to execute arbitrary code on them. The other two flaws were assigned "Low" and "Medium" ratings.
Treck's TCP/IP stack is optimized for embedded devices and is used by companies such as HP, Intel, Schneider Electric, Rockwell Automation and many others. Its areas of application are varied and range from smart-home and networked office devices through medical devices to industrial control systems.
Treck has confirmed the vulnerabilities and published an update. So far there is no publicly available exploit code for the vulnerabilities, and no active attacks have been observed. However, the attack complexity for the critical flaws is rated as low.
Affected stacks and updates
The vulnerabilities CVE-2020-25066, CVE-2020-27337, CVE-2020-27338 and CVE-2020-27336 (CVSS scores 9.8, 9.1, 5.9, 3.7) reside in the HTTP server, IPv6 and DHCPv6 code of all stack versions up to and including 184.108.40.206. A separate security advisory from the US agency CISA points out that the Treck TCP/IP stack is also used under other names and cites as examples Kasago TCP/IP, Elmic, Net+OS, Quadnet, GHNET v2, Kwiknet and AMX.
According to CISA, stacks from version 220.127.116.11 onward are fixed; manufacturers of vulnerable products can request patches by e-mail.
End users usually learn that their devices are vulnerable only if the manufacturers provide information and distribute updates. The CVE IDs can serve as a pointer for matching the relevant patches to the vulnerabilities. However, many users are likely to look in vain: for many (cheap) devices, no updates or update mechanisms are provided at all. In other cases, distribution takes quite a while.
Treck advises users who have no way to update to use firewall rules to block HTTP packets in which the "Content-Length" header field has a negative value. A more general recommendation, and one that ordinary consumers are more likely to be able to act on, comes from CISA: restrict the reachability of potentially vulnerable devices from the Internet and, when in doubt, use a secure connection via VPN.
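The Content-Length check described above can be sketched as inspection logic for a filtering proxy or IDS in front of a device that cannot be updated. This is an added example, not code from Treck, CISA or the original article; the function name, the verdict labels and the extra "review" verdict for non-numeric values are assumptions, and the input is assumed to be the request as reassembled from the TCP stream.

```python
import re

# Header field names are case-insensitive; tolerate spaces/tabs around the colon.
_CL = re.compile(rb"^content-length[ \t]*:[ \t]*(.*?)[ \t]*$", re.IGNORECASE)

def content_length_verdict(raw: bytes) -> str:
    """Classify a reassembled HTTP request as 'drop', 'review' or 'pass'."""
    # Only the header section counts; body bytes that resemble a header
    # must not trigger the rule. Bare-LF line endings are accepted too.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    verdict = "pass"
    for line in re.split(rb"\r?\n", head)[1:]:   # [0] is the request line
        m = _CL.match(line)
        if m is None:
            continue
        value = m.group(1)
        if value.startswith(b"-"):
            return "drop"        # negative length: the condition Treck names
        if not value.isdigit():
            verdict = "review"   # assumption beyond the article: odd, not negative
    return verdict

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"POST /cfg HTTP/1.1\r\nHost: device\r\nContent-Length: 5\r\n\r\nhello",
    "negative": b"POST /cfg HTTP/1.1\r\nHost: device\r\nContent-Length: -1\r\n\r\n",
    "odd_case_lf": b"POST /cfg HTTP/1.1\ncontent-LENGTH :\t-20\n\n",
    "duplicate": b"POST /cfg HTTP/1.1\r\nContent-Length: 5\r\n"
                 b"Content-Length: -5\r\n\r\nhello",
    "in_body": b"POST /cfg HTTP/1.1\r\nContent-Length: 18\r\n\r\nContent-Length: -1",
    "non_numeric": b"POST /cfg HTTP/1.1\r\nContent-Length: abc\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} {content_length_verdict(raw)}")
```

A rule that only matches the exact spelling `Content-Length: -` would miss the `odd_case_lf` and `duplicate` samples, which is why every Content-Length line in the header section is checked case-insensitively.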