Forescout Research Labs Forescout researchers have discovered vulnerabilities in multiple TCP/IP stacks in which ISNs (Initial Sequence Numbers within TCP connections) are improperly generated, leaving TCP connections of a device open to attacks. Forescout researchers analyzed 11 total stacks: uIP, FNET, picoTCP, Nut/Net, lwIP, cycloneTCP, uC/TCP-IP, MPLAB Net, TI-NDKTCPIP, Nanostack, and Nucleus NET.
This type of vulnerability has been used historically to break into general-purpose computers (notoriously by Kevin Mitnick, which led it to be known as the “Mitnick attack”). What makes this finding different is the stacks are primarily used in embedded devices, potentially widening their impact.
