6 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
65.8%
Attackers in a privileged network position may be able to obtain TCP sequence numbers (SEQ) from the BIG-IP system for a short period of time (up to 4 seconds) that will be reused in future connections with the same source and destination port and IP numbers.
Impact
Attackers in a privileged network position can spoof SEQ to be used by a future connection.
Note: This vulnerability is specific to BIG-IP virtual servers. However, some network scanners may incorrectly identify this issue as CVE-2002-1463. Additionally, this vulnerability only affects BIG-IP platforms equipped with the HSBe2 chip. For more information, refer to K14779: Overview of BIG-IP SYN cookie protection (11.3.x - 12.x).