What Is Urgent/11? How It Works & Examples
Twingate Team
Aug 15, 2024

Urgent/11 is a collection of eleven zero-day vulnerabilities discovered in the VxWorks real-time operating system (RTOS). These vulnerabilities were identified by Armis Labs and affect all versions of VxWorks since version 6.5. VxWorks is widely used in mission-critical devices across various industries, including healthcare, industrial control systems, and enterprise environments.
The vulnerabilities in Urgent/11 are particularly concerning because they allow attackers to execute remote code, cause denial of service, and exploit logical flaws without any user interaction. This makes them a significant threat to the security of over two billion devices, including SCADA systems, medical devices, and firewalls. The discovery of Urgent/11 underscores the importance of robust cybersecurity measures in protecting critical infrastructure.
How Does Urgent/11 Work?
Urgent/11 works by exploiting vulnerabilities in the IPnet TCP/IP stack of the VxWorks operating system. Attackers craft malformed network packets, mainly TCP segments but also DHCP and reverse ARP messages, designed to hit specific weaknesses in the stack's parsing code. These packets can trigger a stack overflow, heap overflow, or other memory corruption, allowing attackers to execute arbitrary code on the target device.
Because the malformed fields ride inside otherwise legitimate-looking connections, the packets can pass through traditional security measures like firewalls and NAT solutions, and some of those firewalls themselves run VxWorks. This enables attackers to gain unauthorized access to devices, disrupt their normal operations, or leak sensitive information. The vulnerabilities can be exploited remotely, without any user interaction, making them particularly dangerous in environments where VxWorks is deployed.
In essence, Urgent/11 leverages low-level network protocol flaws to compromise devices. By manipulating the TCP/IP stack, attackers can achieve remote code execution, denial of service, and information leaks, thereby gaining control over critical systems and infrastructure.
What Are Examples of Urgent/11 Vulnerabilities?
Examples of Urgent/11 vulnerabilities include a stack overflow in the parsing of IPv4 options (CVE-2019-12256) and a heap overflow in DHCP Offer/ACK parsing (CVE-2019-12257). These vulnerabilities allow attackers to execute remote code on affected devices, making them particularly dangerous. Additionally, there are four memory corruption vulnerabilities related to the TCP Urgent Pointer field (CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263), which can also lead to remote code execution.
Other notable vulnerabilities include a logical flaw in handling unsolicited reverse ARP replies (CVE-2019-12262) and a denial of service (DoS) vulnerability via malformed TCP options (CVE-2019-12258). These vulnerabilities can disrupt device operations or leak sensitive information. Devices such as SCADA systems, patient monitors, and firewalls are among those affected, highlighting the broad impact of Urgent/11 across various critical sectors.
What Are the Potential Risks of Urgent/11?
The risks posed by Urgent/11 are significant and multifaceted. Here are some of the key risks:
Remote Code Execution: Attackers can gain control over devices without any user interaction, leading to unauthorized access and manipulation of critical systems.
Disruption of Essential Services: Vulnerabilities can cause critical devices, such as patient monitors and industrial controllers, to malfunction or shut down, leading to severe operational disruptions.
Exposure of Sensitive Data: Information leaks from compromised devices can result in the unauthorized disclosure of sensitive data, including medical records and industrial secrets.
Compromise of Network Security: The ability to bypass firewalls and other security measures allows attackers to infiltrate networks, potentially leading to widespread attacks and the creation of botnets.
Threat to Critical Infrastructure: The vulnerabilities pose a significant risk to critical infrastructure, including power plants and manufacturing facilities, which can have far-reaching consequences for public safety and economic stability.
How Can You Protect Against Urgent/11?
To protect against Urgent/11, consider the following strategies:
Apply Patches: Ensure all devices running VxWorks are updated with the latest patches provided by manufacturers.
Implement Network Segmentation: Divide your network into smaller segments to limit the spread of potential attacks.
Use Intrusion Detection Systems: Deploy IDS to monitor network traffic for signs of exploitation attempts.
Restrict Network Access: Limit access to critical devices through strict access control measures.
Conduct Regular Security Audits: Perform frequent audits to identify and mitigate vulnerabilities in your systems.
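The vulnerability classes listed above (malformed IPv4 options, malformed TCP options, and an out-of-range TCP Urgent Pointer) are all visible in the packet headers themselves, which is why the IDS recommendation works in practice. The following is an added example, not code from the original article or from Armis or Wind River: a small header inspector that applies the length and bounds checks a hardened stack must perform, and reports each violation as a finding an IDS rule could raise. The packets, addresses and ports are constructed inline for the demo; checksums are left zero because nothing is sent on the wire, and the finding names are this example's own.

```python
import struct
from dataclasses import dataclass

# Constructed sample addresses/ports for the demo; not taken from any real capture.
SRC_IP, DST_IP = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SRC_PORT, DST_PORT = 40000, 502


@dataclass
class Finding:
    rule: str
    detail: str


def walk_options(opts: bytes, prefix: str) -> list:
    """Walk a TLV option area (IPv4 or TCP: kind 0 = end of list, kind 1 = NOP,
    everything else kind + length byte). Returns findings for entries whose
    length byte is missing, below 2, or runs past the header. Copying such an
    option without this check is how an unchecked stack overruns its buffer."""
    findings, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        if i + 1 >= len(opts):
            findings.append(Finding(f"{prefix}-opt-truncated", f"kind {kind} has no length byte"))
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            findings.append(Finding(f"{prefix}-opt-bad-length",
                                    f"kind {kind} length {length} with {len(opts) - i} bytes left"))
            break
        i += length
    return findings


def inspect_packet(pkt: bytes) -> list:
    """Return a list of Findings for one raw IPv4 packet (no link-layer header)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return [Finding("ipv4-truncated", f"{len(pkt)} bytes, not an IPv4 header")]
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(pkt):
        return [Finding("ipv4-bad-ihl", f"IHL {ihl} bytes")]
    findings = walk_options(pkt[20:ihl], "ipv4")
    if pkt[9] != 6:  # only TCP is inspected further
        return findings
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        return findings + [Finding("tcp-truncated", f"{len(tcp)} bytes")]
    _, _, _, _, off_flags, _, _, urg_ptr = struct.unpack("!HHIIHHHH", tcp[:20])
    doff = (off_flags >> 12) * 4
    if doff < 20 or doff > len(tcp):
        return findings + [Finding("tcp-bad-doff", f"data offset {doff} bytes")]
    findings += walk_options(tcp[20:doff], "tcp")
    payload_len = len(tcp) - doff
    urg_set = bool(off_flags & 0x020)
    if urg_set and urg_ptr > payload_len:
        findings.append(Finding("tcp-urg-pointer-out-of-range",
                                f"urgent pointer {urg_ptr} > payload {payload_len}"))
    elif urg_set:
        findings.append(Finding("tcp-urg-seen", "URG flag set; rare in normal traffic, worth logging"))
    elif urg_ptr:
        findings.append(Finding("tcp-urg-pointer-without-flag", f"urgent pointer {urg_ptr} with URG clear"))
    return findings


def build_packet(ip_opts=b"", tcp_opts=b"", urg=False, urg_ptr=0, payload=b"") -> bytes:
    """Assemble a constructed IPv4/TCP packet for feeding the inspector."""
    ip_opts += b"\x00" * (-len(ip_opts) % 4)    # pad option areas to 32-bit words
    tcp_opts += b"\x00" * (-len(tcp_opts) % 4)
    ihl, doff = 5 + len(ip_opts) // 4, 5 + len(tcp_opts) // 4
    flags = 0x018 | (0x020 if urg else 0)        # PSH|ACK, plus URG on request
    tcp = struct.pack("!HHIIHHHH", SRC_PORT, DST_PORT, 1, 1, (doff << 12) | flags,
                      8192, 0, urg_ptr) + tcp_opts + payload
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(ip_opts) + len(tcp),
                     0, 0, 64, 6, 0, SRC_IP, DST_IP)
    return ip + ip_opts + tcp


# Constructed samples: one clean segment and one per header-level vulnerability class.
SAMPLES = {
    "benign": build_packet(payload=b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x01"),
    "ipv4-option-overrun": build_packet(ip_opts=b"\x07\x28"),        # Record Route claiming 40 bytes
    "tcp-option-zero-length": build_packet(tcp_opts=b"\x02\x00"),    # MSS option with length 0
    "urgent-pointer-past-payload": build_packet(urg=True, urg_ptr=0xFFFF, payload=b"ping"),
}


def scan(samples=SAMPLES) -> dict:
    """Map each sample name to the list of rule names it triggers."""
    return {name: [f.rule for f in inspect_packet(pkt)] for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, rules in scan().items():
        print(f"{name:30s} {rules or ['clean']}")
```

Run it directly to see one line per sample; `benign` reports clean and each crafted packet reports exactly one finding. The same `inspect_packet` logic can be pointed at packets read from a pcap, and on an OT or medical-device segment the `tcp-urg-seen` rule alone is a useful low-noise signal, since legitimate traffic there almost never uses the URG flag.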