Recently, a set of vulnerabilities were identified which affect millions of Internet-of-Things (IoT) devices using software developed by a company called Treck. The discovering research firm has titled the whole set of vulnerabilities Ripple20. Types of at-risk devices can include assets such as power supply systems, programmable logic controllers (PLCs), and medical equipment. These vulnerabilities range in severity, with the most severe vulnerabilities discovered leading to remote code execution, exposure of sensitive information, and out-of-bounds writing. Below are two of the vulnerabilities rated as a 10 out of 10, being the most severe:
- CVE-2020-11896: The Treck TCP/IP stack before 22.214.171.124 allows Remote Code Execution, related to IPv4 tunneling.
- CVE-2020-11897: The Treck TCP/IP stack before 126.96.36.199 has an Out-of-Bounds Write via multiple malformed IPv6 packets.
Many affected vendors have already been notified by the research firm who discovered these vulnerabilities and are currently working on fixing and patching the issues. However, a very common trend with IoT devices is the lack of software and firmware updates. Although there are no working Proof-of-Concepts (POCs) for these vulnerabilities in the wild, it is not uncommon for Advanced Persistent Threat groups (APTs) and nation state actors to have the ability, time, and resources to reverse engineer security patches and develop a working exploit quickly. Because of this, nGuard recommends the below remediation strategies.
Take Inventory of Current IoT Devices
Taking an inventory of what is currently in your environment that may have this vulnerable software and removing any device that is not necessary for business related functions helps ensure a reduced attack surface.
Ensure Frequent Software and Firmware Updates
In addition to updating firmware and software of devices, consider reading the patch notes to understand what is being fixed. More often than not, software updates are pushed out to patch a security related flaw.
Conduct Penetration Tests
Include potential high-risk devices in scope for internal penetration tests to gain a better understanding of what an attacker could do.
Conduct Strategic Security Assessments
Initiate strategic security assessments to identify any critical gaps in your security program to protect against and mitigate threats like Ripple20.
Implement Proper Network Segmentation
By segmenting your network and keep high value target devices off of regular business networks, you reduce the risk of an attacker being able to exploit them.
For more information regarding Treck’s response to these vulnerabilities, please visit https://treck.com/vulnerability-response-information.