False Alarms and Close Calls: The Analysis and Verification of Ripple20 and Its Ripple Effect

Ripple20 is a collection of 19 CVEs disclosed by JSOF that affect the Treck TCP/IP stack. It has proven to be one of the most widespread vulnerabilities and is elusive to traditional detection techniques due to the many variants spread out over many years of releases. According to JSOF, this series of vulnerabilities affects hundreds of millions of devices and includes multiple remote execution code vulnerabilities, which would allow an attacker to gain complete control over a target device remotely.

What we found in our attempts to verify the effects of these vulnerabilities is that the effects and impacts initially reported by JSOF are greatly exaggerated. Download this whitepaper for a breakdown of our results, methods, and to understand why these discrepancies matter and how they affect your organization and your network.