NAME:WRECK DNS Vulnerabilities disclosed by JSOF and Forescout, Millions of Enterprise and Consumer Devices Impacted
JSOF, together with Forescout Research Labs, have disclosed a set of 9 vulnerabilities related to Domain Name System (DNS) implementations, causing either Denial of Service (DoS) or Remote Code Execution (RCE). This vulnerability set, known as NAME:WRECK, could potentially allow attackers to take target devices offline or take control over them.
NAME:WRECK affects 4 popular TCP/IP stacks, including:
- FreeBSD: Commonly used in computers, printers, and networking devices found on Device Cloud.
- IPNet: Integrator solution offered by IPNet Solutions, geared for enterprise and telecom markets.
- NetX: Common product categories include mobile phones, consumer electronics, and business automation, in devices such as printers, smart clocks, systems-on-a-chip, and energy & power equipment in Industrial Control Systems (ICS).
- Nucleus NET: Part of Nucleus RTOS, and deployed in over 3 billion devices. Commonly used in building automation, operational technology, and VoIP, as well as ultrasound machines, storage systems, and critical systems for avionics.
The combination of widespread use of these stacks, together with external exposure of the vulnerable DNS clients, results in a dramatically increased attack surface. Even the most conservative estimates conclude that millions of devices are impacted by NAME:WRECK.
Disclosure of yet another set of DNS vulnerabilities strengthens the position that the community must be more pro-active in efforts to identify and address the DNS problems that are evidently more widespread than realized.
Details of the NAME:WRECK vulnerability set are described in the Forescout technical report and will be presented at Black Hat Asia 2021.
More info is available on the Forescout website.