For HomeFor BusinessFor Partners
Smart Home
1 min read

CISA Warns of Multiple Trek TCP/IP Stack Vulnerabilities

Silviu STAHIE

December 31, 2020

Promo Protect all your devices, without slowing them down.
Free 30-day trial
CISA Warns of Multiple Trek TCP/IP Stack Vulnerabilities

The Cybersecurity Infrastructure and Security Agency (CISA) is warning of yet another TCP/IP stack vulnerability problem that could lead to remote code execution and denial-of-service attacks.

The TCP/IP stack is not a visible layer, and it’s usually comprised of various protocols responsible for all Internet traffic. But, like many other components, it’s not a uniform layer, and different companies build different components, usually to cover specific needs.

In this situation, the Treck TCP/IP stack Version 6.0.1.67 is the one with issues, and it’s actually a bunch of vulnerabilities affecting various components. For example, a vulnerability in Treck HTTP Server components could let an attacker cause a denial-of-service condition. Another, an out-of-bounds write in the IPv6 component, could have let an unauthenticated user provoke a possible denial-of-service via network access.

Various implementations of the stack can be found in the critical manufacturing, information technology, healthcare and transportation systems. The stack is deployed worldwide, under many other names, including Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwikset and AMX.

Of course, the main method of mitigation would be to get the latest patches and apply them. If that’s not possible, Trek recommends that organizations implement firewall rules to filter out packets containing a negative content-length in the HTTP header.

Fortunately, no known exploits specifically target these vulnerabilities. Attackers would need a high skill level even to begin exploiting them.

Just a few weeks ago, security researchers flagged another set of TCP/IP vulnerabilities, dubbed Amnesia:33, possibly affecting millions of OT and IoT devices.

tags

Smart Home

Author

Silviu STAHIE

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

Right now Top posts

Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond
Scam How to Tips and Tricks

Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond

April 01, 2024

2 min read
Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts
Spam Industry News Threats

Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts

November 28, 2023

4 min read
Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting
Protecting Your Important How to Tips and Tricks

Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting

November 08, 2023

4 min read
3 in 5 travel-themed spam emails are scams, Bitdefender Antispam Lab warns
Industry News Spam

3 in 5 travel-themed spam emails are scams, Bitdefender Antispam Lab warns

August 10, 2023

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

The Safety Formula - Episode 10: Human Intuition Meets Advanced Technology
The Safety Formula

The Safety Formula - Episode 10: Human Intuition Meets Advanced Technology
Bitdefender

April 17, 2024

2 min read
Ukraine claims it hacked Russian Ministry of Defence, stole secrets and encryption ciphers
Industry News

Ukraine claims it hacked Russian Ministry of Defence, stole secrets and encryption ciphers
Graham CLULEY

March 06, 2024

2 min read
Crimemarket Taken Down by German Authorities
Industry News

Crimemarket Taken Down by German Authorities
Silviu STAHIE

March 05, 2024

1 min read

Bookmarks

loader