Researchers have discovered 11 severe vulnerabilities in VxWorks, the world’s most popular real-time operating system (RTOS), which powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and medical equipment. Many of the flaws allow attackers to take over devices remotely by simply sending network packets, which makes them particularly dangerous.
Researchers from IoT security firm Armis, who discovered the vulnerabilities, dubbed them URGENT/11 due to their widespread impact. The flaws are located in the operating system’s TCP/IP stack, a core component that handles network communications, and 6 of them can result in remote code execution (RCE).
“URGENT/11 is serious as it enables attackers to take over devices with no user interaction required, and even bypass perimeter security devices such as firewalls and NAT solutions,” the Armis researchers said in their report. “These devastating traits make these vulnerabilities ‘wormable,’ meaning they can be utilized to propagate malware into and inside networks. Such an assault has an extreme potential, resembling that of the EternalBlue vulnerability, used to spread the <a …