You can edit almost every page by Creating an account. Otherwise, see the FAQ.

Ripple20

From EverybodyWiki Bios & Wiki

Ripple20 is a set of vulnerabilities discovered in 2020 in a software library that implemented a TCP/IP stack. The security concerns were discovered by JSOF, which named the collective vulnerabilities for how one company's code became embedded into numerous products.

Description[edit]

Ripple20 is a set of 19 vulnerabilities discovered in 2020 in a software library developed by the Cincinnati-based[1] company Treck Inc., which implemented a TCP/IP stack.[2]

History[edit]

The first release of Treck's library was around 1997.[1] Treck had also worked with Elmic Systems, which created a fork of the library when the companies ended their collaboration.[3] In September 2019, JSOF researchers analyzed a device containing code from the library and discovered it had vulnerabilities. Further analysis determined that the code originated from Treck's library, which had been widely implemented by numerous manufacturers.[3] The disclosure of the vulnerabilities was made in June 2020.[4][5][6][7] Ripple20 was chosen as the name for the set of vulnerabilities based on the disclosure year and the idea that the problems "rippled" through the supply chain from one company.[2][8] It is difficult to identify all affected devices, because manufacturers may not realize that the library was used in one of their components.[9]

References[edit]

  1. 1.0 1.1 Catalin Cimpanu (2018-08-21). "Ripple20 vulnerabilities will haunt the IoT landscape for years to come". ZDNet. Retrieved 2020-07-02.
  2. 2.0 2.1 Andy Greenberg (2020-06-16). "Ripple20 Bugs Put Hundreds of Millions of IoT Devices at Risk". WIRED. Retrieved 2020-07-02.
  3. 3.0 3.1 "disclosure". jsof-tech.com. Retrieved 2020-07-02.
  4. "Ripple20 Threatens Increasingly Connected Medical". Darkreading.com. Retrieved 2020-07-02.
  5. "This Week In Security: Bitdefender, Ripple20, Starbucks, And Pwned Passwords". Hackaday. 2020-06-26. Retrieved 2020-07-02.
  6. "List of Ripple20 vulnerability advisories, patches, and updates". Bleepingcomputer.com. 2020-06-25. Retrieved 2020-07-02.
  7. "Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products: June 2020". Tools.cisco.com. 2020-06-16. Retrieved 2020-07-02.
  8. "Overview". jsof-tech.com. Retrieved 2020-07-02.
  9. Jon Gold. "Ripple20 TCP/IP flaws can be patched but still threaten IoT devices". Network World. Retrieved 2020-07-02.

External links[edit]


This article "Ripple20" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Ripple20. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.