- Ripple20 is the codename to a set of 19 vulnerabilities discovered by the cybersecurity team JSOF.
- These vulnerabilities are inside an IP stack, selled under two different names (Treck TCP/IP for U.S market Kasago TCP/IP, for Asia market. -These two stacks were bought and used under privated-labeled by several softwares companies, some known names are: GHnetv2, Kwiknet, Quadnet.
- But there's more, these stacks were also integrated, sometimes with modifications, inside several RTOS (real-time operating system).
- Last, some of the vulnerabilities, depending the device operating system, configuration or location can have greater or lower CVSS score.
- My advice is for companies to ask their suppliers if they use one of this stack and assess the risk following their company risk policy.
- This will not be an easy set of vulnerabilities to patch, sadly.
- Patches available, depending vendor!
- Some mitigations are available CERT/CC GitHub MTG
- Rules available CERT/CC GitHub RLS
- https://www.bbraunusa.com/en/products-and-therapies/customer-communications.html
- https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/Skyline%20Response_Outlook_6.9.2020_FINAL1.pdf
- https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy
- https://www.carestream.com/en/us/-/media/publicsite/resources/service-and-support-publications/product-security-advisory---ripple20.pdf?sc_lang=en
- https://www.elwsc.co.jp/news/4136/
- https://www.elwsc.co.jp/wp-content/uploads/2020/06/KASAGO202006-1.pdf
- Behind subscription wall, status unknown
- Behind subscription wall, status unknown
- https://global.medtronic.com/xg-en/product-security/security-bulletins/ripple20-vulnerabilities.html
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak