Ripple20

From HandWiki

Ripple20 is a set of vulnerabilities discovered in 2020 in a software library that implements a TCP/IP stack. The vulnerabilities were discovered by JSOF, which named the set for the way one company's code became embedded in numerous products.

Description

Ripple20 is a set of 19 vulnerabilities discovered in 2020 in a software library that implements a TCP/IP stack, developed by the Cincinnati-based[1] company Treck Inc.[2]

History

The first release of Treck's library was around 1997.[1] Treck had also worked with Elmic Systems, which created a fork of the library when the companies ended their collaboration.[3] In September 2019, JSOF researchers analyzed a device containing code from the library and discovered that it had vulnerabilities. Further analysis determined that the code originated from Treck's library, which had been widely implemented by numerous manufacturers.[3] The vulnerabilities were disclosed in June 2020.[4][5][6][7] The name Ripple20 was chosen for the set of vulnerabilities based on the disclosure year and the idea that the problems "rippled" through the supply chain from one company.[2][8] It is difficult to identify all affected devices, because manufacturers may not realize that the library was used in one of their components.[9]

References

  1. Catalin Cimpanu (2018-08-21). "Ripple20 vulnerabilities will haunt the IoT landscape for years to come". ZDNet. https://www.zdnet.com/article/ripple20-vulnerabilities-will-haunt-the-iot-landscape-for-years-to-come/. Retrieved 2020-07-02.
  2. Andy Greenberg (2020-06-16). "Ripple20 Bugs Put Hundreds of Millions of IoT Devices at Risk". WIRED. https://www.wired.com/story/ripple20-iot-vulnerabilities/. Retrieved 2020-07-02.
  3. "disclosure". https://www.jsof-tech.com/ripple20/#ripple-disclosure. Retrieved 2020-07-02.
  4. "Ripple20 Threatens Increasingly Connected Medical". Darkreading.com. https://www.darkreading.com/vulnerabilities---threats/ripple20-threatens-increasingly-connected-medical-devices/d/d-id/1338241. Retrieved 2020-07-02. 
  5. "This Week In Security: Bitdefender, Ripple20, Starbucks, And Pwned Passwords". Hackaday. 2020-06-26. https://hackaday.com/2020/06/26/this-week-in-security-bitdefender-ripple20-starbucks-and-pwned-passwords/. Retrieved 2020-07-02. 
  6. "List of Ripple20 vulnerability advisories, patches, and updates". Bleepingcomputer.com. 2020-06-25. https://www.bleepingcomputer.com/news/security/list-of-ripple20-vulnerability-advisories-patches-and-updates/. Retrieved 2020-07-02. 
  7. "Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020". Tools.cisco.com. 2020-06-16. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC. Retrieved 2020-07-02. 
  8. "Overview". https://www.jsof-tech.com/ripple20/#ripple=overview. Retrieved 2020-07-02. 
  9. Jon Gold. "Ripple20 TCP/IP flaws can be patched but still threaten IoT devices". Network World. https://www.networkworld.com/article/3563842/ripple20-tcpip-flaws-can-be-patched-but-still-threaten-iot-devices.html. Retrieved 2020-07-02. 
