A zero-day bug was found in uClibc, a library intended for Linux-based operating systems on embedded systems such as IoT devices. The bug, tracked as ICS-VU-638779, is not yet patched and may lead to a DNS poisoning attack.
With DNS poisoning, also known as DNS spoofing or DNS cache poisoning, an attacker can redirect the victim to a malicious website under the attacker's control.

According to Nozomi Networks, a fix is not currently available from the developer of uClibc, leaving more than 200 vendors at risk.
DNS works by translating domain names into IP addresses, and a DNS poisoning attack acts on that translation. Nozomi warned that something peculiar was going on in the uClibc library. After investigation, the analysts found that the transaction ID of the DNS lookup request was guessable.
The attackers steal the information and use it to compromise the device for other attacks.
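
An added example, not from the original article or from Nozomi: a defender-side audit that reads the transaction IDs out of DNS queries captured from a device and flags a fixed step between them. The fixed-step heuristic, the function names, the thresholds and the sample packets are assumptions constructed for illustration; the article only states that the ID was guessable.

```python
import struct
from collections import Counter

def build_query(tid, name="device.example"):
    """Constructed sample: a minimal DNS A query with the given transaction ID."""
    header = struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def query_txid(payload):
    """Return the transaction ID of a DNS query, or None for responses/truncated data."""
    if len(payload) < 12:                      # a DNS header is always 12 bytes
        return None
    tid, flags = struct.unpack("!HH", payload[:4])
    return tid if (flags & 0x8000) == 0 else None   # QR bit clear means query

def assess_txids(payloads, min_samples=8, threshold=0.8):
    """Flag a capture whose consecutive query IDs mostly differ by one fixed step."""
    ids = [t for t in map(query_txid, payloads) if t is not None]
    if len(ids) < min_samples:
        return {"verdict": "insufficient-data", "samples": len(ids)}
    # Differences are taken modulo 2**16 so a counter wrapping 65535 -> 0 still counts.
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    step, hits = Counter(deltas).most_common(1)[0]
    ratio = hits / len(deltas)
    # "no-fixed-step" only rules out this one pattern; it does not prove randomness.
    verdict = "predictable" if ratio >= threshold else "no-fixed-step"
    return {"verdict": verdict, "samples": len(ids), "step": step, "ratio": ratio}

# Constructed captures (not real device traffic): a counter that wraps, and scattered IDs.
SEQUENTIAL = [build_query((65530 + i) % 65536) for i in range(12)]
SCATTERED = [build_query(t) for t in (0x3A1F, 0x9C42, 0x07E5, 0xD1B8, 0x5523,
                                      0xE09A, 0x1B6D, 0x8F01, 0x62C7, 0xB4F0)]

if __name__ == "__main__":
    print(assess_txids(SEQUENTIAL))
    print(assess_txids(SCATTERED))
```
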
Nozomi found the flaw and informed CISA. It was then reported to the CERT Coordination Center, and finally, in January 2022, the bug was disclosed, with over 200 vendors impacted.
In this digital world, we keep an eye on the updates and frameworks released by vendors.