Network Security Threat URGENT/11 Vulnerabilities – What You Need to Know
There’s a new network security threat to be aware of, and it affects one of the world’s most widely used operating systems, VxWorks. In fact, VxWorks is so commonly used that it powers more than 2 billion devices around the world, including firewalls, printers, elevators, Boeing 787s, and more. Armis, a California-based enterprise IoT security company, describes it as “the most widely used operating system you have likely never heard about.” They recently discovered 11 zero-day vulnerabilities within it, with an estimate that more than 200 million devices or networks can now be easily compromised.
What does this mean for you?
If your organization has any devices that utilize VxWorks, it is possible that malicious actors can very easily compromise your devices or network. A number of the vulnerabilities discovered were classified as critical Remote Code Execution (RCE), which means that an attacker can exploit them remotely – likely with zero knowledge of your network topology, zero phishing emails, and minimal effort.
Here’s a real-world example of how an attacker can easily gain access to your entire network in a matter of minutes through a vulnerable Dell SonicWall firewall:
And this is just a single example of the harm that can be caused by the disclosed vulnerabilities. Armis disclosed two more real-world examples of the damage that can be caused by the vulnerabilities. An externally networked printer, for example, could be used to access devices that have no external connection of their own. Or even worse, a hospital’s biometric patient monitor could be compromised to display false vitals, or even eliminate critical alarms, leading to life-threatening consequences.
What should you do?
We recommend that you work with your internal IT team or managed service provider (MSP) to patch your devices immediately. A limited list of vendors that may have been affected and have patches available is below. (1)
- Arris Modems
- Avaya VoIP Media Gateways
- Belden Industrial Devices
- Kyocera Printers
- Ricoh Printers
- Rockwell PLCs
- Samsung Printers
- Schneider Electric PLCs
- SonicWall Firewalls
- Xerox Printers
Official VxWorks security advisory notice: https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/
Questions about VxWorks vulnerabilities? Connect with our team by setting up a free appointment.
Read more articles by Brandon Walcott | Cyber Security Associate
Brandon provides cybersecurity consulting and support services to managed security service clients at Delap Cyber. He brings nearly a decade of small business technology consulting to Delap, joining the team in February 2017. He works with small businesses in the Pacific Northwest to provide cyber assessments and defense in depth solutions to clients. Brandon enjoys passionately serving clients with creative solutions and the most innovative security technology on the market today.