skip to Main Content

Cybersecurity, AMNESIA:33 hit open source TCP/IP stacks

Forescout: AMNESIA:33 is a group of 33 vulnerabilites that hit multiple open-source embedded TCP/IP stacks, commonly used in IoT and embedded devices

AMNESIA:33 is a group of 33 vulnerabilites that hit multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices. It has been discovered by Forescout cybersecurity experts. The flaws are also tracked as ICS-VU-633937 and JVNVU#96491057, and are caused by memory management bugs, commonly seen in lightweight software implementations in Real Time Operating Systems (RTOS) and IoT devices. Their impact vary widely due to the combination of build and runtime options customized while including these in embedded devices. In summary, a remote, unauthenticated attacker may be able to use specially-crafted network packets to cause the vulnerable device to behave in unexpected ways such as a failure (denial of service), disclosure of private information, or execution of arbitrary code.

Back To Top