Embedded TCP/IP Softwares Update | Security Alerts

The official site for Saudi CERT Sign In | العربية |

| A+ A-

Your review has been sent successfully

Embedded TCP/IP Softwares Update

2798

Classification

Security Alert

● Critical

● High

● Medium

● Low

Warning Date

Severity Level

Warning Number

Target Sector

9 December, 2020

● Critical

2020-2174

All

Description:

Multiple open-source embedded TCP/IP stacks has released a security update to address several vulnerabilities in the following products:

uIP-Contiki-OS (end-of-life [EOL]), Version 3.0 and prior
uIP-Contiki-NG, Version 4.5 and prior
uIP (EOL), Version 1.0 and prior
open-iscsi, Version 2.1.12 and prior
picoTCP-NG, Version 1.7.0 and prior
picoTCP (EOL), Version 1.7.0 and prior
FNET, Version 4.6.3
Nut/Net, Version 5.1 and prior

Threats:

Attacker could exploit these vulnerabilities by doing the following:

Unauthorized disclosure of information
Unauthorized modification
Improper input validation
Denial of service attack (DoS)

Best practice and Recommendations:

The CERT team encourages users to review these Multiple open-source security advisories and apply the necessary updates (if applicable):

uIP
- https://github.com/adamdunkels/uip
open-iscsi
- https://github.com/open-iscsi/open-iscsi
Contiki-OS and Contiki-NG
- https://github.com/contiki-ng/contiki-ng
PicoTCP and PicoTCP-NG
- http://picotcp.altran.be
FNET
- https://github.com/butok/FNET/releases/tag/v4.7.0
Nut/OS
- http://www.ethernut.de/en/download/index.html

Last updated at 9 December, 2020