Urgent11: VxWorks TCP stack RCE

 ( toMpEr | 2019. július 29., hétfő - 23:03 )

In its 32-year history, only 13 Common Vulnerabilities and Exposures (CVEs) have been listed by MITRE as affecting VxWorks. Armis discovered unusually low-level vulnerabilities within the IPnet stack affecting these specific VxWorks versions released in the last 13 years, from versions 6.5 and above. These are the most severe vulnerabilities found in VxWorks to date.

The “Urgent11” vulnerabilities (CVE-2019-12255 [CVS Sv3: 9.8] to CVE-2019-12262 [CVS Sv3: 5.4]) reside in IPnet, VxWorks’ TCP/IP stack, which was acquired by Wind River through its acquisition of Interpeak in 2006.

They include six critical flaws that enable remote code execution and five that can lead to denial of service, leaking of information or errors.

“It is important to note that in all scenarios, an attacker can gain complete control over the targeted device remotely with no user interaction required, and the difference is only in how the attacker reaches it.”

Ben Seri and Dor Zusman will ​present the vulnerabilities at Black Hat USA 2019 and will demonstrate real-world end-to-end attacks on three VxWorks-based devices: a SonicWall firewall, a Xerox printer and a patient monitor.

- 200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS
- https://armis.com/urgent11/
- https://go.armis.com/hubfs/White-papers/Urgent11%20Technical%20White%20Paper.pdf

Hozzászólás megjelenítési lehetőségek

A választott hozzászólás megjelenítési mód a „Beállítás” gombbal rögzíthető.

VxWorks használók: https://en.wikipedia.org/wiki/VxWorks#Notable_uses

Ami talán sokakat érinthet: Linksys WRT54G V5-től (2005), bár arról nem találtam infót, hogy ezek az eszközök milyen verziójú VxWorks-on futnak.

Úgy érzem egy pár volt kollégának rajzolódik egy nagy szoptál cetli.

VXWorks TCP stackjében azért voltak bőven problémák, volt kollégák tudnának mesélni...