A long-known implementation error in the Transmission Control Protocol (TCP) that network devices use to communicate with each other continues to persist in TCP/IP stacks used in millions of IT, OT, and IoT devices.
The vulnerabilities give attackers a way to hijack TCP connections, close them, spoof packets, bypass authentication, and inject data into network traffic. The flaws were discovered in nine out of 11 TCP/IP stacks recently analyzed by Forescout as part of a broader study in recent months of the communication protocol's security.
The vulnerabilities—the same across all nine stacks—involve the manner in which the so-called Initial Sequence Number (ISN) is generated.
The ISN ensures that every TCP connection is unique, that there are no collisions with other connections, and that no third party can interfere with an ongoing connection. To guarantee this, the ISN is randomly generated so no one can guess the number and use it to hijack an ongoing connection or spoof a new one.
Forescout's analysis showed problems with the manner in which the TCP/IP stacks that were analyzed generate the ISNs. In nine of the 11 stacks, the ISNs were improperly generated, leaving the connections open to attacks. In some cases, the numbers were predictable, and in others, the problem had to do with the underlying algorithm. In other cases, the numbers had constant increments, while others used a combination of values that could be inferred, Forescout said in its report.
"TCP/IP stacks tend to have many critical vulnerabilities that are widespread," says Daniel dos Santos, research manager at Forescout Research Labs.
The ..
Support the originator by clicking the read the rest link below.
