TianoCoreCVELIST:CVE-2023-45237CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.2%
EDK2’s Network Package is susceptible to a predictable TCP Initial Sequence Number. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "edk2",
"vendor": "TianoCore",
"versions": [
{
"status": "affected",
"version": "edk2-stable202308"
}
]
}
]Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.2%