Lucene search
K

75 matches found

Vulnrichment
Vulnrichment
added 2024/01/16 4:11 p.m.29 views

CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

5.3CVSS6.4AI score0.00986EPSS
Exploits0References3
CVE
CVE
added 2024/01/16 4:11 p.m.126 views

CVE-2023-45237

EDK2 Network Package is vulnerable to a predictable TCP Initial Sequence Number (CVE-2023-45237) which could lead to unauthorized access and confidentiality loss. Several connected advisories note a patched version is available; remediation is to update edk2 to a fixed release per vendor/ distro ...

7.5CVSS6.4AI score0.00986EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/16 4:10 p.m.5 views

CVE-2023-45236 Predictable TCP ISNs in EDK II Network Package

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

5.8CVSS7.6AI score0.00986EPSS
Exploits0References3
CVE
CVE
added 2024/01/16 4:10 p.m.104 views

CVE-2023-45236

CVE-2023-45236 affects EDK II’s Network Package, which is vulnerable to a predictable TCP Initial Sequence Number. Public descriptions in connected documents identify the affected component as EDK II’s Network Package and note that exploitation could lead to unauthorized access and potential loss...

7.5CVSS6.6AI score0.00986EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.7 views

PT-2024-1256

Name of the Vulnerable Software and Affected Versions EDK2 affected versions not specified Description The EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number, which can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of...

9.1CVSS8AI score0.73461EPSS
Exploits4References280
BDU FSTEC
BDU FSTEC
added 2023/05/22 12:0 a.m.7 views

The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products allows attackers to intercept existing sessions.

The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products is related to the predictability of random session numbers. Exploiting this vulnerability allows a malicious actor to intercept existing sessions remotely...

5.3CVSS5.8AI score0.01555EPSS
Exploits0References7Affected Software5
CNNVD
CNNVD
added 2023/02/10 12:0 a.m.6 views

KASAGO IPv6/v4 Dual 安全特征问题漏洞

KASAGO IPv6/v4 Dual is KASAGO's protocol middleware for TCP/IP communication. A security vulnerability exists in KASAGO IPv6/v4 Dual that stems from an insufficiently randomized ISN Initial Sequence Number. An attacker can exploit this vulnerability to predict the value of the ISN...

9.1CVSS7.1AI score0.00565EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/02/10 12:0 a.m.10 views

CVE-2022-43501

KASAGO TCP/IP stack provided by Zuken Elmic generates ISNsInitial Sequence Number for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones...

7AI score0.00565EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/12/25 2:15 a.m.2 views

CVE-2021-45488

In NetBSD through 9.2, there is an information leak in the TCP ISN ISS generation algorithm...

7.5CVSS7.1AI score0.00964EPSS
Exploits0References3
OSV
OSV
added 2021/12/25 2:15 a.m.2 views

CVE-2021-45488

In NetBSD through 9.2, there is an information leak in the TCP ISN ISS generation algorithm...

7.5CVSS5.8AI score0.00964EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/25 12:0 a.m.4 views

NetBSD 安全特征问题漏洞

NetBSD is an open source Unix-like operating system from the NetBSD Foundation. NetBSD suffers from a security signature issue vulnerability that stems from an information leak in the TCP ISN ISS generation algorithm in NetBSD through 9.2...

7.5CVSS7.3AI score0.00964EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.6 views

Siemens SIMATIC 安全特征问题漏洞

The LOGO! CMR family is a communication system for monitoring and controlling distributed devices and systems via text messages or e-mail.Siemens SIMATIC RTU3000C is a compact RTU from Siemens, Germany is a low-power remote terminal unit RTU for energy self-sufficiency. A vulnerability in the...

5.4CVSS5.7AI score0.00356EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2021/08/25 12:0 a.m.7 views

The vulnerability of the implementations of the ISN generators for TCP/IP NicheLite and InterNiche allows attackers to perform spoofing attacks.

The vulnerability of the ISN generator implementations for TCP/IP NicheLite and InterNiche is related to the use of insufficiently random values. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...

7.8CVSS8AI score0.02051EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/03/09 12:0 a.m.9 views

The vulnerability in the implementation of the ISN generator of the protocol stack used in Contiki OS and uIP allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the ISN generator implementation used in the Contiki OS and uIP is related to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

6.5CVSS7.7AI score0.01716EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/03/09 12:0 a.m.4 views

The vulnerability of the implementation of the ISN generator for the PicoTCP protocol stack allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the ISN generator implementation in the PicoTCP protocol stack is related to the use of insufficiently random values. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

6.5CVSS7.7AI score0.00871EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2021/03/05 12:0 a.m.4 views

PT-2021-2229 · Siemens · Simatic Mv400

Name of the Vulnerable Software and Affected Versions: SIMATIC MV400 family versions prior to v7.0.6 Description: The issue is related to the implementation of the ISN generator in the TI-NDKTCPIP protocol stack, which uses insufficiently random values. This could allow a remote attacker to predi...

7.5CVSS7.3AI score0.01212EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2021/03/04 12:0 a.m.5 views

The vulnerability of the ISN IP pool generator implementation used in NutOS and Nut/Net arises from the use of insufficiently random values, allowing an intruder to gain unauthorized access to protected information.

The vulnerability of the ISN IP pool generator implemented in NutOS and Nut/Net relates to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

6.5CVSS7.2AI score0.00973EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/03/04 12:0 a.m.6 views

The vulnerability of the implementation of the ISN generator in the protocols used by uC/OS and uC/TCP-IP allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the ISN generator implementation in the uC/OS and uC/TCP-IP protocols is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

6.5CVSS7.7AI score0.01083EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2020/03/05 9:15 a.m.17 views

Code injection

The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

5CVSS9.2AI score0.00674EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/03/05 8:56 a.m.27 views

CVE-2019-2317

The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

9.4AI score0.00674EPSS
Exploits0References1
Rows per page
Query Builder