Millions of devices vulnerable to TCP/IP exploits

By Dylan Bushell-Embling
Friday, 11 December, 2020

Millions of devices vulnerable to TCP/IP exploits

Most organisations worldwide are vulnerable to a newly discovered set of memory-corrupting TCP/IP exploits present in millions of devices, Forescout has warned.

In a new study, the security company has revealed the existence of AMNESIA:33, a set of 33 memory corrupting vulnerabilities in the popular open source TCP/IP stacks uIP, FNET, picoTCP and Nut/Net.

These open-source stacks are used across multiple codebases, development teams, companies and products, meaning the exploits leave millions of IoT, Industrial IoT, Internet of Medical Things, IT and operational technology devices from as many as 150 vendors at risk.

Many of the vulnerabilities relate to memory corruption and can cause denial of service, information leaks or — in the case of four critical vulnerabilities — remote code execution. Exploiting these latter vulnerabilities could allow an attacker to take control of a device and use it as an entry point for infiltrating a corporate network.

Some of the exploits allow for devices to be crashed with just a single malicious packet, according to the report.

“Over the last several years, we’ve seen an escalation in attacks leveraging connected devices. What the world is just beginning to understand though is that traditional IT devices represent only the tip of the iceberg when it comes to cyber risk and that the proliferation of unagentable IoT, OT and other connected devices will create a potentially far greater attack surface,” Forescout CEO Greg Clark said.

“The nature of vulnerabilities like AMNESIA:33 fundamentally changes our understanding of the risks posed by connected devices. Organisations are only as strong as their weakest link, and executives and boards of directors have a responsibility to understand the full spectrum of the attack surface all the way down to the supply chain level.”

Clark said Forescout’s analysis traces many of the vulnerabilities to bad software development practices, such as an absence of basic input validation.

“Given the widespread nature of these vulnerabilities and the difficulty in remedying them at scale, it is only a matter of time before they are exploited. Organisations must ready themselves before that time comes or else knowingly leave themselves open to attack,” he said.

Forescout’s research is the first completed study under Forescout Research Labs’ Project Memoria, which aims to provide the community with the largest study yet published on the security of TCP/IP stacks.

The report found that the largest category of vulnerable devices is IoT devices, which are notorious for having lax security.

Image credit: ©

Related Articles

Malwarebytes targeted by SolarWinds attackers

Malwarebytes disclosed that the same nation state actor behind the SolarWinds Orion breach...

SolarWinds details Orion cyber attack

SolarWinds believes it has uncovered the highly sophisticated methods used to inject malicious...

Microsoft source code breached in SolarWinds hack

Microsoft says the state attackers behind the SolarWinds Orion compromise viewed some of its...

  • All content Copyright © 2021 Westwick-Farrow Pty Ltd