Published on July 29th, 2019

Zero-day vulnerabilities in the VxWorks operating system



A serious cybersecurity problem has just been revealed, and it could take months, even years, to be solved. A group of network security experts has discovered at least eleven zero-day vulnerabilities in VxWorks, a real-time operating system (RTOS). This is serious considering that VxWorks drives more than 2 billion devices in fields such as defense, industry, medicine, networking and other critical infrastructure.

If exploited, these flaws could allow hackers to bypass common security software and take full control of vulnerable devices; they could even disrupt the operation of these systems, much like the exploitation of the vulnerability known as “EternalBlue”.

Potentially affected companies

The following are the six most dangerous zero-days discovered in the RTOS, as listed by network security specialists:

  • Stack overflow in the parsing of IPv4 packet IP options (CVE-2019-12256)
  • TCP Urgent Pointer = 0 leads to integer underflow (CVE-2019-12255)
  • TCP Urgent Pointer state confusion caused by a malformed TCP AO option (CVE-2019-12260)
  • TCP Urgent Pointer state confusion during connect to a remote host (CVE-2019-12261)
  • TCP Urgent Pointer state confusion due to a race condition (CVE-2019-12263)
  • Heap overflow in DHCP Offer/ACK parsing in ipdhcpc (CVE-2019-12257)

In addition to these six severe vulnerabilities, the experts discovered five additional flaws that can lead to denial of service, information leaks and logical errors:

  • TCP connection DoS via malformed TCP options (CVE-2019-12258)
  • Handling of unsolicited Reverse ARP replies (logical flaw) (CVE-2019-12262)
  • Logical flaw in IPv4 address assignment by the ipdhcpc DHCP client (CVE-2019-12264)
  • DoS via NULL dereference in IGMP parsing (CVE-2019-12259)
  • IGMP information leak via IGMPv3-specific membership report (CVE-2019-12265)

The vulnerabilities affect all versions of the operating system since v6.5. “In other words, any version of VxWorks released over the last thirteen years contains the flaws,” the network security experts added.
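As an added illustration of what a defender can look for on the wire, the following Python snippet (written for this article, not code from the researchers or from the VxWorks vendor) parses IPv4/TCP headers and flags two of the header anomalies behind the CVEs listed above: a TCP segment with the URG flag set but an urgent pointer of 0 (cf. CVE-2019-12255) and an IPv4 option whose length field overruns the option area (cf. CVE-2019-12256). The sample packets are constructed inline, and the checks are heuristics for IDS tuning, not proof that a packet is malicious.

```python
import struct

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Minimal IPv4 + TCP header parse; returns only the fields the checks need."""
    ihl = (pkt[0] & 0x0F) * 4 if len(pkt) >= 20 else 0
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        raise ValueError("truncated or non-TCP packet")
    return {"ip_options": pkt[20:ihl],
            "urg": bool(pkt[ihl + 13] & 0x20),        # TCP URG flag bit
            "urg_ptr": struct.unpack("!H", pkt[ihl + 18:ihl + 20])[0]}

def ipv4_options_malformed(options: bytes) -> bool:
    """Walk IPv4 option TLVs; True if a length field runs past the option area."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                        # End of Options List
            return False
        if kind == 1:                        # No-Operation, one byte
            i += 1
            continue
        if i + 1 >= len(options):            # kind byte with no length byte
            return True
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return True
        i += length
    return False

def urgent11_indicators(pkt: bytes) -> list:
    """Names of the URGENT/11-style header anomalies present in one packet."""
    hdr, hits = parse_ipv4_tcp(pkt), []
    if hdr["urg"] and hdr["urg_ptr"] == 0:           # cf. CVE-2019-12255
        hits.append("tcp-urg-flag-with-zero-pointer")
    if ipv4_options_malformed(hdr["ip_options"]):    # cf. CVE-2019-12256
        hits.append("ipv4-option-length-overrun")
    return hits

def build_sample(ip_options: bytes, tcp_flags: int, urg_ptr: int) -> bytes:
    """Constructed test packet (checksums left zero; not a real capture)."""
    opts = ip_options + b"\x00" * (-len(ip_options) % 4)   # pad to 32-bit words
    ihl = 5 + len(opts) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 40 + len(opts), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + opts
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, tcp_flags, 8192, 0, urg_ptr)
    return ip + tcp

BENIGN   = build_sample(b"", 0x18, 0)          # PSH|ACK, urgent pointer unused
URG_ZERO = build_sample(b"", 0x38, 0)          # URG|PSH|ACK with urgent pointer 0
BAD_OPTS = build_sample(b"\x07\x27", 0x10, 0)  # option kind 7 claims 39 bytes in a 4-byte area
```

A legitimate URG segment carries a non-zero urgent pointer, so the first check fires only on the degenerate combination; the option-length walk catches any IPv4 options TLV that would make a naive parser read past the header.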

Scenarios and methods of exploiting the vulnerabilities

Scenario 1: Network security attack

Because VxWorks powers network devices that can be reached from the public Internet (routers, switches, firewall deployments, etc.), a remote attacker could launch an attack directly against these devices, taking control of them and of the networks to which they are connected.

The attack surface is very broad, so exploitation could cause widespread outages and security failures across multiple services and industrial operations. For example, attackers could disable firewall protection from the company SonicWall, which currently has nearly one million deployments running the VxWorks operating system.

Scenario 2: Out-of-Network Attacks

These vulnerabilities can be exploited not only on devices connected to the public Internet; IoT devices that connect directly to their cloud application are equally vulnerable.

A potential attack would involve using malware to change DNS settings, or deploying a Man-in-the-Middle (MitM) attack, to intercept the target device's TCP connection and launch a remote code execution attack.

Scenario 3: Attack from inside the network

According to network security experts, an attacker who has gained network access through a previous attack could compromise multiple devices simultaneously, without any of them needing to be directly connected to the Internet. This attack vector could lead to data manipulation or extraction, hardware failures and other malicious activity.

Despite the seriousness of this finding, specialists from the International Institute of Cyber Security (IICS) add that these flaws do not affect other VxWorks products or variants primarily focused on software certification.
