The FreeRTOS Vulnerability Disaster

New vulnerabilities have been discovered in FreeRTOS, the open-source operating system that runs most of the small microprocessors and microcontrollers used in many IoT hardware items.

The flaws are in the TCP/IP stack, and they affect FreeRTOS.

The versions affected

FreeRTOS V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS V1.3.1, OpenRTOS, and SafeRTOS (with WHIS Connect middleware TCP/IP components) are all affected.

Why is this such a calamity?

Many IoT devices run on FreeRTOS. These gadgets are frequently low-cost and difficult to patch. Many of these gadgets, in fact, have firmware that hasn’t been updated in years.

Fitness trackers, temperature monitors, appliances, cars, door locks, water meters, and a variety of other small devices are examples of goods that use FreeRTOS. The devices that use TCP/IP are the ones that are vulnerable, which means the vulnerable gadgets are internet-capable.

Because these devices are connected, we can assume that they can be patched as well.

But will they be?

Probably not. As a result, this is a vulnerability that could be exploited for years to come.

The following is a complete list of the vulnerabilities that affect FreeRTOS, along with their identifiers:

CVE-2018-16522: Remote Code Execution
CVE-2018-16525: Remote Code Execution
CVE-2018-16526: Remote Code Execution
CVE-2018-16528: Remote Code Execution
CVE-2018-16523: Denial of Service
CVE-2018-16524: Information Leak
CVE-2018-16527: Information Leak
CVE-2018-16599: Information Leak
CVE-2018-16600: Information Leak
CVE-2018-16601: Information Leak
CVE-2018-16602: Information Leak
CVE-2018-16603: Information Leak
CVE-2018-16598: Other

Source: https://cybersguards.com/the-freertos-vulnerability-disaster/?web_view=true
