Script to Detect the Use of Vulnerable TCP/IP Stacks

Vulnerabilities are common on the Internet and can affect all kinds of services and applications that we use. They can compromise our security and give hackers a gateway to carry out their attacks. In this article we talk about a script that has been created to detect vulnerabilities in the TCP/IP stack. With it we can protect our network devices.

Script to detect vulnerable TCP/IP stacks

We recently saw that a number of TCP/IP stacks had been found to be vulnerable and could compromise security. In total there were four. Now Forescout has released an open source tool that aims to detect whether a network device is running any of those four TCP/IP stacks, which are affected by a total of 33 vulnerabilities.


It should be remembered that these four vulnerable TCP/IP stacks were discovered by Intel researchers and confirmed by Treck Inc. They affect the Treck TCP/IP stack version 6.0.1.67 and earlier.

Researchers indicate that the most critical vulnerability is the one that has been registered as CVE-2020-25066. It could allow an attacker to cause a denial of service as well as arbitrary code execution.

As is often the case with these types of vulnerabilities, security researchers quickly released patches to correct them. In this way, simply by installing the new versions we can avoid being victims of these problems. However, it is also common that many users take time to install these updates or do not really know if they have applied them correctly.


Detect vulnerable systems and devices

This is where the open source tool that Forescout has created comes into play. Its purpose is to tell us whether our device uses any of the vulnerable TCP/IP stacks. We can see how it works and its source code on GitHub.

In recent times there has been an increase in research on TCP/IP libraries. This has made it possible to detect many vulnerabilities that affect all types of devices. However, one of the main problems is that many embedded systems and IoT devices do not come with a list of embedded software, so it is difficult to know which operating system, firmware or TCP/IP stack they use. Hence, it is not easy to detect certain vulnerabilities.

With this open source tool from Forescout they have been able to create a script to identify the use of the four TCP/IP stacks that are vulnerable. It reports the use of these stacks with a certain level of confidence (high, medium or low). This is because it could give false positives. It could incorrectly indicate the use of a stack or, conversely, fail to detect it.

They hope to update this script in the future in order to improve detection. In this way, that level of confidence could be higher and the number of false positives and false negatives could be reduced.

Ultimately, this open source script lets you know if a device uses one of the four TCP/IP stacks that have recently been detected as vulnerable. One more way to protect our computers on the network.