Ripple20 vulnerabilities will haunt the IoT landscape for years to come

Forums Security News (Security) Ripple20 vulnerabilities will haunt the IoT landscape for years to come

Tagged: 

  • This topic is empty.
Viewing 0 reply threads
  • Author
    Posts
    • August 6, 2020 at 1:28 pm #44177
      Telegram SmartBoT
      Moderator
      • Topic 5959
      • Replies 0
      • posts 5959
        @tgsmartbot

        #News(Security) [ via IoTGroup ]

        The Ripple20 vulnerabilities
        These vulnerabilities — collectively referred to as Ripple20 — impact a small library developed by Cincinnati-based software company Treck.
        In an interview with last week, JSOF said this operation involved a lot of work and different steps, such as getting Treck on board, making sure Treck has patches on time, and then finding all the vulnerable equipment and reaching out to each of the impacted vendors.
        In an email to ZDNet on Monday, Treck has confirmed that patches are now available for all the Ripple20 vulnerabilities.
        But JSOF said the work on identifying all the vulnerable devices is not yet done.
        Oberman said that while not all of the Ripple20 vulnerabilities are severe, there are a few that are extremely dangerous, allowing attackers to take over vulnerable systems from a “remote” scenario.
        CVE-2020-11896 – CVSSv3 score: 10 – Improper handling of length parameter inconsistency in IPv4/UDP component when handling a packet sent by an unauthorized network attacker.
        – CVSSv3 score: 10 – Improper handling of length parameter inconsistency in IPv4/UDP component when handling a packet sent by an unauthorized network attacker.
        CVE-2020-11897 – CVSSv3 score: 10 – Improper handling of length parameter inconsistency in IPv6 component when handling a packet sent by an unauthorized network attacker.
        – CVSSv3 score: 10 – Improper handling of length parameter inconsistency in IPv6 component when handling a packet sent by an unauthorized network attacker.
        CVE-2020-11898 – CVSSv3 score: 9.8 – Improper handling of length parameter inconsistency in IPv4/ICMPv4 component when handling a packet sent by an unauthorized network attacker.
        – CVSSv3 score: 9.8 – Improper handling of length parameter inconsistency in IPv4/ICMPv4 component when handling a packet sent by an unauthorized network attacker.
        These four vulnerabilities, when weaponized, could allow attackers to easily take over smart devices or any industrial or healthcare equipment.

        Read More..
        AutoTextExtraction by Working BoT using SmartNews 1.0368203417 Build 04 April 2020

    • Author
      Posts
    Viewing 0 reply threads
    • You must be logged in to reply to this topic.