Issued: Monday, 19 April, 2021
Last Revision: Monday, 19 April, 2021
Vendor:
Product:
Severity Level:
Summary:
A new set of nine vulnerabilities dubbed NAME:WRECK has been discovered by researchers at Forescout and JSOF Research Labs. These vulnerabilities affect the Domain Name System (DNS) component on at least four TCP/IP stack implementations: FreeBSD, IPNet, NetX, and Nucleus NET. These TCP/IP stack implementations are widely utilized in Internet of Things (IoT), operational technology (OT), and information technology (IT) devices. If exploited, these vulnerabilities could allow remote, unauthenticated attackers to take control of vulnerable systems.
Recommendation:
FreeBSD, Nucleus NET and NetX have recently released patches. The links below point to their official websites for specific information on how to patch these systems:
- https://www.freebsd.org/security/advisories/FreeBSD-SA-20:26.dhclient.asc
- https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf
- https://github.com/azure-rtos/netxduo/commits/master/addons/dns/nxd_dns.c
According to the researchers, patching devices is not always possible, and the required effort varies drastically depending on whether the device is a standard IT server or an IoT device. It is recommended to follow the guidelines below to stay protected from potential exploitation:
- Discover and inventory devices running the vulnerable stacks using Forescout's Project Memoria Detection Tool (available in the references section).
- Enforce segmentation controls and proper network hygiene to mitigate the risk from vulnerable devices.
- Monitor patches released by affected device vendors and enforce remediation plans.
- Configure devices to rely on internal DNS servers as much as possible and monitor external DNS traffic, since exploitation requires a malicious DNS server to reply with malicious packets.
- Monitor all network traffic for malicious packets.
Please refer to the original report for more information.
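
The guideline above on relying on internal DNS servers and monitoring external DNS traffic can be checked against flow records. The following is an added example, not part of the original advisory or any vendor tool; the resolver addresses, internal ranges, flow record format and the function name `external_dns_talkers` are assumptions made for illustration.

```python
"""Flag internal devices that exchange DNS traffic with external servers."""
import ipaddress
from collections import defaultdict

# Assumed (constructed) site configuration: approved resolvers and internal ranges.
INTERNAL_RESOLVERS = {ipaddress.ip_address("10.0.0.53"), ipaddress.ip_address("10.0.1.53")}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed flow records: "timestamp src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2021-04-19T10:00:01Z 10.2.3.4 51000 10.0.0.53 53 udp
2021-04-19T10:00:02Z 10.2.3.9 40112 203.0.113.7 53 udp
2021-04-19T10:00:03Z 203.0.113.7 53 10.2.3.9 40112 udp
2021-04-19T10:00:04Z 10.0.0.53 33000 198.51.100.1 53 udp
2021-04-19T10:00:05Z 10.2.3.9 40113 203.0.113.7 53 tcp
2021-04-19T10:00:06Z 10.2.3.4 51001 192.0.2.10 443 tcp
malformed line
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def external_dns_talkers(flow_text):
    """Return {internal device: sorted external DNS servers it exchanged traffic with}."""
    findings = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip records that do not match the assumed format
        try:
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[3])
            sport, dport = int(parts[2]), int(parts[4])
        except ValueError:
            continue
        if dport == 53:      # query direction: device -> server
            device, server = src, dst
        elif sport == 53:    # response direction: server -> device
            device, server = dst, src
        else:
            continue
        # Approved resolvers are expected to recurse to the internet; other devices are not.
        if device in INTERNAL_RESOLVERS or not is_internal(device):
            continue
        if not is_internal(server):
            findings[device].add(server)
    return {str(d): sorted(str(s) for s in servers) for d, servers in findings.items()}

if __name__ == "__main__":
    for device, servers in external_dns_talkers(SAMPLE_FLOWS).items():
        print(f"{device} exchanged DNS traffic with external server(s): {', '.join(servers)}")
```

Devices reported here are candidates for reconfiguration to the internal resolvers or for an egress rule that blocks port 53 to external addresses.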
