Just as ICS-CERT published a new advisory detailing four new vulnerabilities in the Treck TCP/IP stack, Forescout released an open-source tool for detecting whether a network device runs one of the four open-source TCP/IP stacks (and their variations) affected by the Amnesia:33 vulnerabilities.
New vulnerabilities in the Treck TCP/IP stack
Reported by Intel researchers and confirmed by Treck Inc., four newly discovered vulnerabilities affect Treck TCP/IP stack Version 6.0.1.67 and prior:
Of those, CVE-2020-25066 is the most critical, as it could allow an attacker to cause a denial-of-service condition, but may also result in arbitrary code execution.
“The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or ..
Support the originator by clicking the read the rest link below.
