On December 8, 2020, Forescout released a report, known as AMNESIA:33, describing numerous vulnerabilities found in various embedded TCP/IP stacks.
AMNESIA:33 is a set of 33 vulnerabilities that impact four open source TCP/IP stacks (uIP, PicoTCP, FNET and Nut/Net), which serve as fundamental connectivity components for millions of devices around the world. AMNESIA:33 has four categories of potential impact: remote code execution (RCE), denial of service (DoS by blocking or infinite loop), information leaks (infoleak) and DNS cache poisoning. Four of the vulnerabilities allow remote code execution.
In general, these vulnerabilities can be exploited to take full control of a target device (RCE), impair its functionality (DoS), obtain potentially sensitive information (infoleak), or inject malicious DNS records to point a device to an attacker-controlled domain (DNS cache poisoning).
The Zephyr project received notification of these vulnerabilities through CERT before the release date. The project analyzed the vulnerabilities and any affected code and concluded that Zephyr is not affected by any of them, either in current versions or in any long-term support version.
The report describes 33 vulnerabilities that are largely unrelated. It is the result of an analysis of 4 TCP/IP implementations that are commonly used in embedded systems: uIP, uIP in Contiki-OS, PicoTCP and FNET. Of these implementations, only FNET code has ever been used in Zephyr.
Zephyr LTS version 1.14 contains an implementation of the TCP stack from FNET. Of the vulnerabilities reported in FNET, two (CVE-2020-17468 and CVE-2020-17469) are in the FNET IPv6 code, one (CVE-2020-17467) affects Link-Local Multicast Name Resolution (LLMNR), and two (CVE-2020-24383 and CVE-2020-17470) affect DNS functionality. None of the affected code was used in the Zephyr project: while 1.14 uses the FNET TCP code, it does not use the affected IPv6, DNS or LLMNR code.
In current versions, including the current version 2.4.0, this code has been replaced with a Zephyr-specific implementation.