Alert GCSA-20115 - Vulnerabilita' multiple nello stack TCP/IP per sistemi embedded - AMNESIA:33
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
********************************************************************************
Alert ID: GCSA-20115
Data: 9 Dicembre 2020
Titolo: Vulnerabilita' multiple nello stack TCP/IP per sistemi embedded
- - AMNESIA:33
********************************************************************************
:: Descrizione del problema
Sono state riscontrate 33 vulnerabilita', chiamate AMNESIA:33, che
riguardano molte librerie OpenSource di stack TCP/IP in sistemi embedded
IoT. Alcune di queste possono essere sfruttate per ottenere da remoto il
controllo completo di un sistema affetto.
:: Sistemi interessati
Al momenti sono stati riscontrati questi sistemi affetti, ma la
situazione e' in continuo aggiornamento, si prega di consultare la
sezione Riferimenti per restare aggiornati
uIP: https://github.com/adamdunkels/uip
Contiki-OS and Contiki-NG: https://www.contiki-ng.org/
PicoTCP and PicoTCP-NG: http://picotcp.altran.be
FNET: http://fnet.sourceforge.net/
Nut/OS: http://www.ethernut.de/en/software/
:: Impatto
L'impatto di queste vulnerabilita' varia molto a seconda di come siano
stati compilati i sorgenti delle librerie nei sistemi embedded.
Riassumendo un utente remoto non autenticato potrebbe forgiare
appositamente dei pacchetti TCP/IP per suscitare reazioni inaspettate
nei device, per esempio denial of service, esfiltrazione di dati,
esecuzione di codice arbitrario.
:: Soluzioni
Applicare le patch del produttore nei sistemi che ne abbiano gia' pronte
Contattare i produttori per ottenere update appropriati
Tenere i sistemi vulnerabili in segmenti di rete non accessibili
dall'esterno ne' da altri segmenti di rete interna
:: Riferimenti
Per controllare la situazione in continuo aggiornamento si consiglia il
sito Forescout
https://www.forescout.com/research-labs/amnesia33/
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/certcc-releases-information-vulnerabilities-affecting-open-source
MS-ISAC
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-various-opensource-tcpip-stack-could-allow-for-remote-code-execution_2020-164/
KB-CERT
https://www.kb.cert.org/vuls/id/815128
ICS-Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25111
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX9DDRQAKCRDBnEyTZRJg
QtCFAJ9CwUz8RMhGbk7f47XpQQToPC6aHwCdH2m/Lil8+qIPrhbJdqtsDssKMEA=
=17OT
-----END PGP SIGNATURE-----
Hash: SHA1
********************************************************************************
Alert ID: GCSA-20115
Data: 9 Dicembre 2020
Titolo: Vulnerabilita' multiple nello stack TCP/IP per sistemi embedded
- - AMNESIA:33
********************************************************************************
:: Descrizione del problema
Sono state riscontrate 33 vulnerabilita', chiamate AMNESIA:33, che
riguardano molte librerie OpenSource di stack TCP/IP in sistemi embedded
IoT. Alcune di queste possono essere sfruttate per ottenere da remoto il
controllo completo di un sistema affetto.
:: Sistemi interessati
Al momenti sono stati riscontrati questi sistemi affetti, ma la
situazione e' in continuo aggiornamento, si prega di consultare la
sezione Riferimenti per restare aggiornati
uIP: https://github.com/adamdunkels/uip
Contiki-OS and Contiki-NG: https://www.contiki-ng.org/
PicoTCP and PicoTCP-NG: http://picotcp.altran.be
FNET: http://fnet.sourceforge.net/
Nut/OS: http://www.ethernut.de/en/software/
:: Impatto
L'impatto di queste vulnerabilita' varia molto a seconda di come siano
stati compilati i sorgenti delle librerie nei sistemi embedded.
Riassumendo un utente remoto non autenticato potrebbe forgiare
appositamente dei pacchetti TCP/IP per suscitare reazioni inaspettate
nei device, per esempio denial of service, esfiltrazione di dati,
esecuzione di codice arbitrario.
:: Soluzioni
Applicare le patch del produttore nei sistemi che ne abbiano gia' pronte
Contattare i produttori per ottenere update appropriati
Tenere i sistemi vulnerabili in segmenti di rete non accessibili
dall'esterno ne' da altri segmenti di rete interna
:: Riferimenti
Per controllare la situazione in continuo aggiornamento si consiglia il
sito Forescout
https://www.forescout.com/research-labs/amnesia33/
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/certcc-releases-information-vulnerabilities-affecting-open-source
MS-ISAC
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-various-opensource-tcpip-stack-could-allow-for-remote-code-execution_2020-164/
KB-CERT
https://www.kb.cert.org/vuls/id/815128
ICS-Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17437
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25111
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX9DDRQAKCRDBnEyTZRJg
QtCFAJ9CwUz8RMhGbk7f47XpQQToPC6aHwCdH2m/Lil8+qIPrhbJdqtsDssKMEA=
=17OT
-----END PGP SIGNATURE-----