In this study, we discuss the results of the security analysis of seven open-source TCP/IP stacks and report a bundle of 33 new vulnerabilities found in four of the seven analysed stacks that are used by major IoT, OT and IT device vendors.
Four of the vulnerabilities in AMNESIA:33 are critical, with potential for remote code execution on certain devices. Exploiting these vulnerabilities could allow an attacker to take control of a device, thus using it as an entry point on a network for internet-connected devices, as a pivot point for lateral movement, as a persistence point on the target network or as the final target of an attack. For enterprise organisations, this means they are at increased risk of having their network compromised or having malicious actors undermine their business continuity. For consumers, this means that their IoT devices may be used as part of large attack campaigns, such as botnets, without them being aware.
Download the report and find out more.