Ripple20 - CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11901 and others
Hello, this is Mitsuhiko Maruyama.
JSOF, an Israeli company located on the campus of the Hebrew University, appears to have found 19 vulnerabilities in a TCP/IP stack (Treck's) that has been widely used for 20 years, mainly in embedded and IoT devices. The impact of the vulnerabilities is high, and the number of potentially affected devices also appears to be large.
According to the white paper, several meanings are packed into the "20"...
- the vulnerabilities were reported in 2020
- the stack has existed for more than 20 years
- there are 19 vulnerabilities, with one more added for the year ahead, like the extra candle on a birthday cake (^^)
● CISA
・2020.06.16 (National Cyber Awareness System) Ripple20 Vulnerabilities Affecting Treck IP Stacks
・2020.06.16 (ICS-CERT Landing) ICS Advisory (ICSA-20-168-01) Treck TCP/IP Stack
● Carnegie Mellon University - Software Engineering Institute
・2020.06.16 Treck IP stacks contain multiple vulnerabilities - Vulnerability Note VU#257161
● GitHub
・VU#257161 network mitigations
ーーーーー
List of vulnerabilities and CVSSv3 base scores
CVE ID | CVSSv3
CVE-2020-11896 | 10.0
CVE-2020-11897 | 10.0
CVE-2020-11898 | 9.1
CVE-2020-11899 | 5.4
CVE-2020-11900 | 8.2
CVE-2020-11901 | 9.0
CVE-2020-11902 | 7.3
CVE-2020-11903 | 5.3
CVE-2020-11904 | 5.6
CVE-2020-11905 | 5.3
CVE-2020-11906 | 5.0
CVE-2020-11907 | 5.0
CVE-2020-11908 | 3.1
CVE-2020-11909 | 3.7
CVE-2020-11910 | 3.7
CVE-2020-11911 | 3.7
CVE-2020-11912 | 3.7
CVE-2020-11913 | 3.7
CVE-2020-11914 | 3.1
■ Press coverage
● https://xakep.ru/
・2020.06.16 Hundreds of millions of IoT devices at risk because of the Ripple20 vulnerabilities, by Мария Нефёдова
● Dark Reading
・2020.06.16 17:50 'Ripple20' Bugs Plague Enterprise, Industrial & Medical IoT Devices by Kelly Sheridan
Researchers discover 19 vulnerabilities in a TCP/IP software library manufacturers have used in connected devices for 20 years.
● GIGAZINE
・2020.06.17 11:32 "Ripple20", a set of vulnerabilities lurking in hundreds of millions of appliances, discovered
Security firm JSOF announced that it has discovered "Ripple20", vulnerabilities affecting many smart devices, routers, printers and other products, including products from Intel and HP. Because Ripple20 stems from an Internet communication protocol library that many manufacturers have adopted since its release in 1997, the number of affected products worldwide is believed to exceed several hundred million.
● Threat Post
・2020.06.16 12:22 ‘Ripple20’ Bugs Impact Hundreds of Millions of Connected Devices by Tara Seals
The vulnerabilities affect everything from printers to insulin pumps to ICS gear.
● WIRED
・2020.06.16 09:00 A Legion of Bugs Puts Hundreds of Millions of IoT Devices at Risk by ANDY GREENBERG
The so-called Ripple20 vulnerabilities affect equipment found in data centers, power grids, and more.
● BleepingComputer
・2020.06.17 03:10 Ripple20 vulnerabilities affect IoT devices across all industries by Ionut Ilascu
More than a dozen vulnerabilities, collectively named Ripple20, affecting the TCP/IP communication stack used in hundreds of millions of embedded devices paint a grim scenario for connected gadgets.
Some of the flaws are critical and can be exploited to gain remote control of all vulnerable devices on the network. They impact such a wide spectrum of products from so many vendors that it is easier to count those that are not affected.
● ZDNet
・2020.06.16 13:00 Ripple20 vulnerabilities will haunt the IoT landscape for years to come by Catalin Cimpanu
Security researchers disclose 19 vulnerabilities impacting a TCP/IP library found at the base of many IoT products.
● Health IT Security
・2020.06.17 Millions of IoT Medical Devices Impacted by Ripple20 Vulnerabilities by Jessica Davis
Researchers discovered 19 vulnerabilities called Ripple20 impacting the TCP/IP communication stack found in hundreds of millions of connected devices, including IoT medical tech.
● Silicon Angle
・2020.06.17 ‘Ripple20’ vulnerabilities expose hundreds of millions of IoT devices to hacking by
-----
CVSSv3 base metrics per CVE (AV = Attack Vector, AC = Attack Complexity, PR = Privileges Required, UI = User Interaction, S = Scope, C/I/A = Confidentiality/Integrity/Availability impact; values: N = None/Network, A = Adjacent, L = Low, H = High, U = Unchanged, C = Changed). CWE IDs referenced across the 19 entries: CWE-20, CWE-125, CWE-130, CWE-170, CWE-190, CWE-284, CWE-415. CVE-2020-11912 is listed with AV = Network, the only attack vector consistent with its published 3.7 (the same vector with AV = Adjacent scores 3.1).
CVE ID | CVSSv3 | AV | AC | PR | UI | S | C | I | A | Vector
CVE-2020-11896 | 10.0 | Network | L | N | N | C | H | H | H | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-11897 | 10.0 | Network | L | N | N | C | H | H | H | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-11898 | 9.1 | Network | L | N | N | U | H | N | H | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2020-11899 | 5.4 | Adjacent | L | N | N | U | N | L | L | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVE-2020-11900 | 8.2 | Network | L | N | N | U | N | L | H | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2020-11901 | 9.0 | Network | H | N | N | C | H | H | H | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-11902 | 7.3 | Network | L | N | N | U | L | L | L | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2020-11903 | 5.3 | Adjacent | H | N | N | U | H | N | N | AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-11904 | 5.6 | Network | H | N | N | U | L | L | L | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2020-11905 | 5.3 | Adjacent | H | N | N | U | H | N | N | AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-11906 | 5.0 | Adjacent | H | N | N | U | L | L | L | AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2020-11907 | 5.0 | Adjacent | H | N | N | U | L | L | L | AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2020-11908 | 3.1 | Adjacent | H | N | N | U | N | N | L | AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-11909 | 3.7 | Network | H | N | N | U | L | N | N | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-11910 | 3.7 | Network | H | N | N | U | L | N | N | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-11911 | 3.7 | Network | H | N | N | U | N | N | L | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-11912 | 3.7 | Network | H | N | N | U | N | N | L | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-11913 | 3.7 | Network | H | N | N | U | L | N | N | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-11914 | 3.1 | Adjacent | H | N | N | U | L | N | N | AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N