MULTIPLE VULNERABILITIES IN TRECK TCP/IP STACK ANNOUNCED

A cybersecurity alert was issued yesterday, Dec. 21, 2020, regarding multiple vulnerabilities in Treck TCP/IP Stack. The vulnerabilities could allow an attacker to execute arbitrary code, which could potentially lead to a breach.

What It Is:

Multiple vulnerabilities have been discovered in Treck TCP/IP Stack, the most severe of which could result in arbitrary code execution. The Treck TCP/IP Stack is a set of networking protocol libraries specifically designed for embedded systems.

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Read the original Treck Vulnerability Response Information.

Threat Intelligence:

There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected:

  • Treck TCP/IP Stack versions 6.0.1.67 and prior
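
An added example (not from the original advisory or from Treck): a short Python triage of a device inventory against the affected range above. The CSV columns, device names and version strings are constructed for illustration, and it assumes you already know which Treck version each device ships.

```python
# Added example: triage a device inventory against the advisory's affected range.
import csv
import io

LAST_AFFECTED = (6, 0, 1, 67)  # "6.0.1.67 and prior", from the advisory

# Constructed sample inventory (hypothetical devices and column names).
SAMPLE_INVENTORY = """device,treck_version
infusion-pump-01,6.0.1.66
plc-gateway-02,6.0.1.67
printer-03,6.0.1.68
ups-controller-04,unknown
hvac-05,5.0
badge-reader-06,6.0.1.67a
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a clean dotted version."""
    parts = text.strip().split(".")
    if len(parts) > 4 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # "5.0" -> (5, 0, 0, 0)

def classify(version_text):
    """AFFECTED, NOT_AFFECTED, or REVIEW when the version cannot be determined."""
    version = parse_version(version_text)
    if version is None:
        return "REVIEW"  # unknown or vendor-suffixed: confirm with the device vendor
    return "AFFECTED" if version <= LAST_AFFECTED else "NOT_AFFECTED"

def triage(inventory_csv):
    """Map each device name to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device"]: classify(row["treck_version"]) for row in reader}

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device:20} {status}")
```

Devices marked REVIEW are not cleared: an unknown or vendor-modified version string needs confirmation from the device manufacturer before it is treated as unaffected.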

Risk:

Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: Low

Technical Summary:

Multiple vulnerabilities have been discovered in Treck TCP/IP Stack, the most severe of which could result in arbitrary code execution. Details of these vulnerabilities are as follows:
  • A heap-based buffer-overflow vulnerability. Specifically, this issue exists in Treck HTTP Server components. An unauthenticated attacker can exploit this issue to cause a denial-of-service condition or to execute arbitrary code. [CVE-2020-25066]
  • A denial-of-service vulnerability. Specifically, this issue occurs due to an out-of-bounds write error in the IPv6 component. [CVE-2020-27337]
  • A denial-of-service vulnerability. Specifically, this issue occurs due to an out-of-bounds write error in the DHCPv6 client component. [CVE-2020-27338]
  • An input-validation vulnerability. Specifically, this issue affects the IPv6 component. An attacker can exploit this issue to cause an out-of-bounds read of up to three bytes. [CVE-2020-27336]
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application and cause denial-of-service conditions.
 

What To Do:

We recommend the following actions be taken:
  • Run all software as a nonprivileged user with minimal access rights. To reduce the impact of latent vulnerabilities, always run non-administrative software as an unprivileged user with minimal access rights.
  • Deploy network intrusion detection systems (NIDS) to monitor network traffic for malicious activity. Watch for signs of anomalous or suspicious activity, including but not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. These may indicate exploit attempts or activity that results from successful exploits.
  • Do not accept or execute files from untrusted or unknown sources. To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.
  • Implement multiple redundant layers of security. Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.
 

Negative Consequences of Lost or Stolen Data:

The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
  • Temporary or permanent loss of sensitive or proprietary information.
  • Disruption to regular operations.
  • Financial losses incurred to restore systems and files.
  • Potential harm to an organization’s reputation.
Should your agency or business need assistance with issues arising from vulnerabilities in Treck TCP/IP Stack, including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.