Risk Analysis
Risk
Tyler Higgins
University of Advancing Technology
Author Note
Abstract
In this paper I will cover the risks involved with the set of vulnerabilities known as
Urgent/11. This set of 11 vulnerabilities affects the Wind River Real Time Operating
because it affects such a wide range of products and most of them are not things most
people would think about, like a patient monitor. One of the worst parts of this set of
vulnerabilities is the simple fact that some of the devices that run this RTOS cannot be
updated, and therefore more steps need to be taken into consideration.
Risk
discovered by Armis. Armis is a leader in IoT device security and they had discovered
this set of vulnerabilities they dubbed Urgent/11 because there were 11 zero-day
The last item in the list, firewalls, is how this set of vulnerabilities was a major
risk to the company I work for. The company I work for uses a SonicWall firewall.
SonicWall just so happens to use the VxWorks RTOS in their products. If we had been
attacked by a hacker that had gotten their hands on the Urgent/11 vulnerabilities there
would have been nothing we could do to stop the attack since there would have been
Let us go over how someone can use a set of vulnerabilities to completely bypass
a firewall. The Urgent/11 vulnerabilities take advantage of a defect in the VxWorks TCP/IP
(IPNet) stack and allow the connection to be modified. This can lead to a complete bypass
of a firewall, as most modern security solutions cannot detect this attack. One of the worst
parts of this set of vulnerabilities is the fact that they are found in every version of the
VxWorks RTOS since version 6.5, which was launched 13 years ago, and in total
affect 2 billion devices around the world. There is also a chance that this set of
vulnerabilities can be found and exploited in other devices since the same IPNet stack was
Risk to my Organization
As mentioned above, the company I work for uses SonicWall firewalls and switches,
which means we were very open to this attack. Had an attacker had the chance to exploit
the vulnerability on our network, we could have been massively affected. I am a network
admin for a small aviation maintenance school, and had an attacker been able to get into
our network, the attacker could have gotten access to employee and student files. Our
corporate team also maintains a VPN connection between their office and our campus;
both sides of the connection run SonicWall devices, as do all of our campuses, which
means if one campus gets attacked it would be possible for every campus to get breached.
This could then lead to a ransomware attack on every campus in our organization.
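The exposure argument above, together with the paper's firmware-upgrade mitigation, can be run as a triage over an asset inventory. This is an added example, not part of the original paper: the inventory, site names, field names and VPN links are constructed, and the "affected since 6.5" threshold is the paper's own claim.

```python
import re
from collections import deque

AFFECTED_SINCE = (6, 5)  # the paper's claim: every VxWorks version since 6.5

# Constructed inventory: device names, sites and field names are hypothetical.
INVENTORY = [
    {"name": "fw-a", "site": "campus-a", "rtos": "VxWorks", "version": "6.10", "patched": False, "updatable": True},
    {"name": "monitor-1", "site": "campus-a", "rtos": "VxWorks", "version": "6.6", "patched": False, "updatable": False},
    {"name": "fw-b", "site": "campus-b", "rtos": "VxWorks", "version": "6.9", "patched": True, "updatable": True},
    {"name": "fw-hq", "site": "corporate", "rtos": "VxWorks", "version": "6.9", "patched": True, "updatable": True},
    {"name": "old-ctrl", "site": "campus-c", "rtos": "VxWorks", "version": "5.5", "patched": False, "updatable": False},
]
# Constructed site-to-site VPN links; campus-c has no tunnel.
VPN_LINKS = [("corporate", "campus-a"), ("corporate", "campus-b")]

def version_tuple(text):
    """'6.10' -> (6, 10); compared numerically so 6.10 sorts after 6.5."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def triage(dev):
    v = version_tuple(dev["version"])
    if dev["rtos"] != "VxWorks" or (v and v < AFFECTED_SINCE):
        return "not-affected"
    if not v:
        return "unknown-version"  # never assume an unlabelled device is safe
    if dev["patched"]:
        return "patched"
    return "upgrade-firmware" if dev["updatable"] else "compensating-controls"

def exposed_sites(inventory, links):
    """Sites reachable over VPN from any site that still holds an open device."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    open_states = ("upgrade-firmware", "compensating-controls", "unknown-version")
    at_risk = {d["site"] for d in inventory if triage(d) in open_states}
    seen, queue = set(at_risk), deque(at_risk)
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

if __name__ == "__main__":
    for d in INVENTORY:
        print(f'{d["name"]:10} {triage(d)}')
    print("exposed sites:", sorted(exposed_sites(INVENTORY, VPN_LINKS)))
```

In the sample data, campus-b and corporate are fully patched yet still appear as exposed, because they share a tunnel path with campus-a.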
Luckily, there is an easy way to mitigate this risk. Lucky for everyone involved,
as soon as Wind River got the information, they patched the IPNet framework
and let all the distributors and integrators that used a vulnerable version of VxWorks know of
the dangers, and patches were created. That means if your device is vulnerable to this
set of vulnerabilities, a patch has most likely been built, and all that needs to be done is
to upgrade your device firmware to become safe. Also, as a way to help companies find
vulnerable devices on their network, Armis has created an Urgent/11 detector that is
Research Conducted
To research this topic I looked up the article written by Armis, as well as the article on
Wind River’s website. I also looked up the information SonicWall had published on their site
since that was the hardware that my company had on site that was vulnerable to this
Summary
a wide range of industries. Urgent/11 would allow an attacker to bypass most modern
security devices, like a firewall, by exploiting the TCP/IP stack used in Wind River’s
VxWorks RTOS. Once a device has been compromised, it can be used to steal data,
like patient data, or used to pivot to another device on the network. A way to protect
against Urgent/11 is to upgrade the firmware, where possible, on all devices that run
VxWorks, and to have a security system in place that can monitor IoT devices that can
References
Aust, F., & Barth, M. (2020). papaja: Create APA manuscripts with R Markdown.
A. (2020, March 27). URGENT/11 Leaves Billions of Devices Open to Cyber Security Risks. Retrieved September 21, 2020, from https://www.armis.com/urgent11/
Gmuender, J. (2019, July 29). Wind River VxWorks and URGENT/11: Patch Now. Retrieved September 21, 2020, from https://blog.sonicwall.com/en-us/2019/07/wind-river-vxworks-and-urgent-11-patch-now/
Host, R. (2019, August 02). SonicWall URGENT/11 vulnerabilities. Retrieved September 21, 2020, from https://support.swanlibraries.net/news/2019-08/66781
SonicWall SonicOS Firewall Multiple Management Vulnerabilities (URGENT/11). (2019, July 29). Retrieved September 21, 2020, from https://www.tenable.com/plugins/nessus/127107
Vulnerabilities in medical devices prompt FDA & DHS to issue advisories. (2019, October 29). Retrieved September 21, 2020, from https://www.armis.com/resources/iot-security-blog/urgent-11-update/