Identifying and Mitigating Ripple20 Vulnerabilities


JSOF, a cybersecurity research company, discovered a series of 19 vulnerabilities, collectively called Ripple20, affecting the Treck embedded IP stack. An IP stack is a connectivity software component used in all connected devices.

Forescout, one of our partners for cybersecurity products, partnered with JSOF to detect the potentially affected vendors. They analysed data from over 90,000 vulnerable devices from over 50 vendors. The types of affected devices included infusion pumps from hospitals, UPS from data centers, and video conferencing systems from enterprises.

What is Ripple20?

On June 16, 2020, JSOF discovered a set of 19 vulnerabilities, called Ripple20. Four of the 19 have a critical CVSS score, with impacts that include remote code execution and exposure of sensitive information. These vulnerabilities have the potential to impact millions of devices. The adversary only needs access to the device's network to take complete control of the device.

Affected Devices and Vendors

Treck is used by large enterprises to create products ranging from home printers to healthcare equipment. It was observed that healthcare, retail and manufacturing were the most impacted verticals.

Impact and Exposure

An attacker needs a direct connection with the device or a routed path to the internal networks to exploit the vulnerabilities. This means devices with internet connectivity are at the highest risk. An attacker targets one device first, moves to the network, and then attacks the other devices on the network.


Patching the devices that are running vulnerable versions of the IP stack gives them complete protection. However, this is a tedious process, because:

  • Devices with embedded systems are difficult to manage
  • Affected devices are usually part of critical systems and infrastructure, which makes patching them complicated
  • Patches need to be issued by the final vendors of the device


Our cybersecurity partner, Forescout, can help organisations with these solutions.

  1. Forescout eyeSight and SilentDefense help you understand the risks accurately and suggest mitigation techniques.
  2. eyeSegment or eyeControl ensures network hygiene and mitigates risk from vulnerable devices.
  3. Monitors progressive patches
  4. For OT environments, SilentDefense:
     • Spots erroneous communication
     • Devises a remediation plan
     • Initiates actions using intrusion alerts

To know more on using Forescout products for Ripple20 mitigation, visit the link.
