A new series of network zero-day vulnerabilities affecting devices from many different vendors was discovered by the security consulting company JSOF. Four of the vulnerabilities are rated critical and are capable of leading to remote code execution. The Ripple20 series of vulnerabilities are part of the Treck TCP/IP network stack used in embedded devices across several industries such as industrial, medical, retail, oil, home devices and more. JSOF estimates that hundreds of millions of devices could be affected due to how widespread the Treck network library is. A list of 79 vendors can be found on the announcement along with a current vulnerability status. As of now, eight vendors are listed confirmed vulnerable, five have self-reported themselves as “not affected” and 66 are currently unknown. For more technical details, a whitepaper is available by filling out a form on the announcement page and a second paper will be released after BlackHat USA 2020 which will detail DNS vulnerability CVE-2020-11901. JSOF will also provide scripts upon request to identify devices that use the Treck library. For more information or requests contact Ripple20@jsof-tech.com.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in