Ripple20 is a set of vulnerabilities discovered in 2020 in a software library that implemented a TCP/IP stack. The vulnerabilities were discovered by JSOF, which named the set for the way one company's code became embedded in numerous products.

Description

Ripple20 is a set of 19 vulnerabilities discovered in 2020 in a software library developed by the Cincinnati-based[1] company Treck Inc., which implemented a TCP/IP stack.[2]

History

The first release of Treck's library was around 1997.[1] Treck had also worked with Elmic Systems, which created a fork of the library when the companies ended their collaboration.[3] In September 2019, JSOF researchers analyzed a device containing code from the library and discovered that it had vulnerabilities. Further analysis determined that the code originated from Treck's library, which had been widely implemented by numerous manufacturers.[3] The vulnerabilities were disclosed in June 2020.[4][5][6][7] Ripple20 was chosen as the name for the set of vulnerabilities based on the disclosure year and the idea that the problems "rippled" through the supply chain from one company.[2][8] It is difficult to identify all affected devices, because manufacturers may not realize that the library was used in one of their components.[9]

References

  1. Catalin Cimpanu (2018-08-21). "Ripple20 vulnerabilities will haunt the IoT landscape for years to come". ZDNet. Retrieved 2020-07-02.
  2. Andy Greenberg (2020-06-16). "Ripple20 Bugs Put Hundreds of Millions of IoT Devices at Risk". WIRED. Retrieved 2020-07-02.
  3. "disclosure". jsof-tech.com. Retrieved 2020-07-02.
  4. "Ripple20 Threatens Increasingly Connected Medical". Darkreading.com. Retrieved 2020-07-02.
  5. "This Week In Security: Bitdefender, Ripple20, Starbucks, And Pwned Passwords". Hackaday. 2020-06-26. Retrieved 2020-07-02.
  6. "List of Ripple20 vulnerability advisories, patches, and updates". Bleepingcomputer.com. 2020-06-25. Retrieved 2020-07-02.
  7. "Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020". Tools.cisco.com. 2020-06-16. Retrieved 2020-07-02.
  8. "Overview". jsof-tech.com. Retrieved 2020-07-02.
  9. Jon Gold. "Ripple20 TCP/IP flaws can be patched but still threaten IoT devices". Network World. Retrieved 2020-07-02.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.