
Ripple20 Network Vulnerabilities

Summary

Security researchers have disclosed details of 19 vulnerabilities, collectively referred to as Ripple20, affecting the Treck TCP/IP network stack. They claim that a remote, unauthenticated attacker could exploit some or all of these vulnerabilities to execute arbitrary code, extract sensitive data, or cause a denial-of-service condition on an affected system.


Affected platforms

The following platforms are known to be affected:

  • Treck TCP/IP stack - Versions prior to 6.0.1.67

Threat details

The Treck TCP/IP stack is integrated into a wide variety of embedded network systems, including SOHO and Internet-of-Things products, medical devices, and industrial control systems. This diversity of systems and implementations makes it difficult to properly assess the impact presented by exploitation of the Ripple20 vulnerabilities.

For further information:


Remediation steps

Treck has released a security advisory confirming that the Ripple20 vulnerabilities have been addressed in the latest version of their TCP/IP stack. However, it is highly unlikely that most downstream vendors have yet integrated this version into their products or systems. Affected organisations are encouraged to contact their relevant suppliers to obtain any updates necessary.

The following partial mitigation steps may also be applied where necessary:

  • Disable IP-in-IP and IPv6-in-IPv4 tunnelling if not needed.
  • Block IP source routing and any IPv4 deprecated features.
  • Enforce TCP inspection and rejection of malformed TCP packets.
  • Normalise or reject IP fragments if fragmentation is not supported.
  • Normalise DNS through a secure recursive server or application layer firewall.
  • Block unused ICMP control messages such as MTU Update and Address Mask updates.
  • Use reliable OSI layer 2 equipment.
  • Use DHCP security features such as DHCP-snooping.
  • Disable or block IPv6 multicast if not used in switching infrastructure.
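An nftables ruleset for a Linux gateway in front of embedded devices, added here as an example (not code from the advisory or from Treck), implementing the items of the list above that a host firewall can enforce: tunnelling, IPv4 source routing options, fragments, the listed ICMP control messages and IPv6 multicast. It assumes an nftables version with `ip option` support; the DHCP-snooping and layer 2 items are switch-side settings it cannot cover.

```shell
#!/bin/sh
# Added example, not part of the advisory. Emits (and optionally applies) an
# nftables ruleset for the host-enforceable Ripple20 partial mitigations.
# Review the "if not needed" conditions from the list before applying:
# tunnels and fragments may be legitimate on your network.

ripple20_rules() {
    cat <<'EOF'
table inet ripple20_mitigation {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # IP-in-IP (protocol 4) and IPv6-in-IPv4 (protocol 41) tunnelling
        ip protocol 4 drop
        ip protocol 41 drop

        # Deprecated IPv4 options: loose/strict source routing, record route
        ip option lsrr exists drop
        ip option ssrr exists drop
        ip option rr exists drop

        # IP fragments: non-zero offset (0x1fff) or More-Fragments bit (0x2000)
        ip frag-off & 0x3fff != 0 drop

        # Unused ICMP control messages: address mask and router advertisement.
        # The "MTU Update" item is deliberately not included here: blocking
        # ICMP type 3 code 4 (fragmentation needed) breaks path MTU discovery.
        icmp type { address-mask-request, address-mask-reply } drop
        icmp type router-advertisement drop

        # IPv6 multicast, if not used on the protected segment
        ip6 daddr ff00::/8 drop
    }
}
EOF
}

# Number of drop rules in the generated ruleset (useful as a sanity check).
count_drop_rules() {
    ripple20_rules | grep -c ' drop$'
}

# Print the ruleset; with "--apply", syntax-check it and load it via nft.
if [ "${1:-}" = "--apply" ] && command -v nft >/dev/null 2>&1; then
    ripple20_rules | nft -c -f - && ripple20_rules | nft -f -
else
    ripple20_rules
fi
```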

Further mitigation guidance can be found here.



Last edited: 29 June 2021 12:01 pm