
Detecting and Mitigating Ripple20 Vulnerabilities

JSOF recently published information on 19 vulnerabilities they found in the Treck TCP/IP stack, which many device manufacturers use to enable their devices to communicate over a network. The vulnerabilities were originally discovered in September of last year.

While there is no indication that these vulnerabilities have been exploited in the wild, any threat to the TCP/IP stack impacts the fundamental networking core of a device. The vendor list of vulnerable devices is long, and JSOF has confirmed the impact to 15 vendors including Baxter, Intel, Caterpillar, Cisco, Aruba, HP, and Xerox; all have issued their own advisories and patches.

However, the list of affected devices continues to grow, as these vulnerabilities have likely been present in the Treck stack for more than 20 years and the stack has been implemented in millions of devices since then. Organizations need to assess their exposure by identifying any vulnerable assets in their inventory, and then respond by either patching or implementing compensating controls to protect at-risk devices.

Ordr now offers a solution for organizations to detect and mitigate risks from Ripple20 vulnerabilities. Ordr Systems Control Engine (SCE) can:

  • Identify vulnerable assets impacted by Ripple20 via our new Ripple20 scanner
  • Passively identify devices that are vulnerable to Ripple20 through device classification comparisons with known vulnerable device lists
  • Detect active exploitation of Ripple20 using our built-in intrusion detection engine
  • Proactively protect devices from Ripple20 attacks by dynamically generating policies and enforcing them on network devices or next-generation firewalls

For more information, please refer to our security bulletin here. The Ordr solution for Ripple20 will be available in the 7.2.7 release and will simultaneously be deployed and supported in 7.2.5 and 7.2.6, which are already live at customer sites.

We thank JSOF for their support and collaboration.


Jeff Horne

Jeff Horne is currently the CSO at Ordr, where he is responsible for security direction both within Ordr products and internal security. Prior to Ordr, Jeff was the VP of Information Security for Optiv, where he was responsible for all Security Operations, Governance Risk and Compliance, Endpoint, Internal Incident Response, Physical Security, and Employee Security Awareness groups. Before Optiv, Jeff was the Senior Director of Information Security for SpaceX, where he was responsible for the overall security strategy of SpaceX and managing the Information Security, Compliance (ITAR), Security Operations, and Physical Security groups. Previous to SpaceX, Jeff was the Vice President of R&D and Chief Architect for Accuvant LABS, where he managed teams of researchers and consultants specializing in reverse engineering, malicious code, incident response, breach analysis, and vulnerability assessment. Prior to Accuvant, Jeff was the Director of Threat Research at Webroot Software, where he led several teams of malware researchers, reverse engineers, and a development organization specializing in creating anti-malware functionality and detection signatures for all Webroot products. Jeff began his career as a Vulnerability Researcher at Internet Security Systems, where he was responsible for vulnerability discovery, exploit creation, IDS evasion research, and behavioral detection of malware. Jeff is well known for his insight in interviews for numerous news channels and publications, speaking roles at various security conferences, as well as authoring several vulnerability disclosures and patents.
