On Dec-18 Intel reported four more vulnerabilities on Treck TCP/IP stack on top of 19 more vulnerabilities found by JSOF early this year. The four vulnerabilities are:
CVE-2020-25066, Heap-based buffer overflow with a CVSS V3 base score of 9.8
CVE-2020-27337, Out-of-bounds write with a CVSS V3 score of 9.1
CVE-2020-27338, Out-of-bounds read with a CVSS V3 score of 5.9
CVE-2020-27336, Out-of-bounds read with a CVSS V3 score of 3.7
Ordr did extensive work to not only help identify devices impacted by the Ripple20 vulnerabilities but also detect any active exploitations happening. Please refer to the previous document published on how Ordr can help with Ripple20 vulnerabilities - https://resources.ordr.net/security-bulletin/how-ordr-detects-and-mitigates-ripple20
As of now only one manufacturer has published the new vulnerabilities with a list of impacted products and the Treck official page acknowledged these new vulnerabilities. Treck also refers the CERT coordination center advisory which lists the same set of devices that was identified by the previous advisory implying that it’s in the common code base.
Based on the advisories, Ordr extends the capability to cover the new vulnerabilities as well. In summary, Ordr provides detection and protection in three different ways,
- Identify devices that are impacted by Ripple20 based on manufacturer advisories.
- Ordr does understand that a significant percentage of devices may never be publicly identified as Ripple20 impacted due to various reasons. Ordr developed an in-built scanner which can detect if a device is impacted by these Ripple20 vulnerabilities.
- Ordr has an in-built IDS engine. Specific signatures were developed to detect any active exploitation of these vulnerabilities. Alarms will be generated and can be pushed to a SIEM platform for immediate action.
Finally, the best way to protect the organization is behavior based microsegmentation. Ordr provides the industry leading microsegmentation solution with variety of options based on customer needs.
For more information on how Ordr can help you identify and manage vulnerabilities for any connected device, please contact firstname.lastname@example.org.