Project Memoria

Securing TCP/IP Stacks

Forescout Research Labs launched its Project Memoria initiative in 2020 with the mission of providing the cybersecurity community with the most extensive study to date of TCP/IP stack security.

Under Project Memoria, Forescout researchers collaborate with industry peers, universities and research institutes to analyze common mistakes associated with vulnerabilities in TCP/IP stacks, identify the threats they pose to the extended enterprise and determine best practices to mitigate the risk.

Impact

97 Vulnerabilities

250000+ Products Affected

81 Public Advisories

422 Impacted Vendors

Project Memoria Concludes

Over the past 18 months we have announced 5 different phases of vulnerability research with a total of 97 vulnerabilities, affecting 14 TCP/IP stacks. This report summarizes the key findings and mitigation steps that organizations can take to protect themselves from the vulnerabilities found.

Concluding Project Memoria does not mean that our work is done, either for TCP/IP stacks or other foundational components of the connected device ecosystem. As we did in previous studies, we invite other researchers and device vendors to continue this work and collaborate with us in future research.

AMNESIA:33

AMNESIA:33, the first study under Project Memoria, was published on December 8, 2020. AMNESIA:33 is a set of 33 new memory-corrupting vulnerabilities impacting millions of IoT, OT and IT devices that present an immediate risk for organizations worldwide.

NUMBER:JACK

NUMBER:JACK, Project Memoria’s second study, was published on February 10, 2021. It disclosed nine vulnerabilities in multiple TCP/IP stacks that can improperly generate ISNs (Initial Sequence Numbers) for TCP connections, leaving a device’s TCP connections open to attacks.

NAME:WRECK

NAME:WRECK is a collaborative study published by Forescout Research Labs and JSOF on April 13, 2021. It discloses nine vulnerabilities that affect four popular TCP/IP stacks used in millions of IoT, OT and IT devices and that allow for Denial of Service or Remote Code Execution.

INFRA:HALT

Forescout Research Labs and JFrog Security Research discovered 14 new vulnerabilities affecting the closed-source TCP/IP stack NicheStack. The report, published on August 4, 2021, describes how the vulnerabilities allow for Denial of Service or Remote Code Execution, primarily affecting operational technology (OT) and industrial control system (ICS) devices.

NUCLEUS:13

Forescout Research Labs, with support from Medigate Labs, has discovered a set of 13 new vulnerabilities affecting the Nucleus TCP/IP stack, which we are collectively calling NUCLEUS:13. The report, published on November 9, 2021, outlines how the new vulnerabilities allow for remote code execution, denial of service, and information leak. Nucleus is used in safety-critical devices, such as anesthesia machines, patient monitors and others in healthcare.