Cybersecurity researchers have found 33 vulnerabilities in four open source TCP/IP libraries. The affected libraries are currently used in the firmware of products from more than 150 vendors.
The flaws were discovered by specialists at Forescout, who also noted that millions of industrial devices are at risk. The experts grouped all 33 flaws under a common name: Amnesia:33.
The vulnerabilities affect a wide range of devices: smartphones, game consoles, systems on a chip (SoCs), HVAC systems, printers, routers, IP cameras, and more.
Among the problematic libraries, Forescout researchers named uIP, FNET, picoTCP, and Nut/Net. Over the past twenty years, device manufacturers have frequently added one of these four libraries to their firmware to enable support for the TCP/IP protocols that are used for most networking today.
If these 33 vulnerabilities are successfully exploited, an attacker can carry out a number of dangerous attacks:
- Execute code remotely (RCE) and take control of the attacked device.
- Cause denial of service (DoS) and disrupt manufacturing processes.
- Steal confidential information belonging to the attacked enterprise.
- Force a target device to visit a malicious site using a DNS cache poisoning attack.