Common Weakness Enumeration

CWE-330

Discouraged

Use of Insufficiently Random Values

Abstraction: Class · Status: Stable

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

445 vulnerabilities reference this CWE, most recent first.

GHSA-FX3C-8PQX-5V4C

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46
VLAI
Details

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-17T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
  "id": "GHSA-fx3c-8pqx-5v4c",
  "modified": "2025-04-20T03:46:56Z",
  "published": "2022-05-13T01:43:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13082"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2907"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/vulnerabilities/kracks"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vanhoefm/krackattacks-test-ap-ft"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02"
    },
    {
      "type": "WEB",
      "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201711-03"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-11-01"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
    },
    {
      "type": "WEB",
      "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.krackattacks.com"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3999"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/228519"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101274"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039570"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039571"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039573"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039581"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3455-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FX6X-7XGX-2WWP

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2025-05-05 18:30
VLAI
Details

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-04T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance.",
  "id": "GHSA-fx6x-7xgx-2wwp",
  "modified": "2025-05-05T18:30:44Z",
  "published": "2022-05-24T17:19:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13817"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-12"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200625-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
    },
    {
      "type": "WEB",
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FXFF-WXXV-C2JC

Vulnerability from github – Published: 2023-11-16 18:30 – Updated: 2024-10-14 17:04
VLAI
Summary
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption
Details

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pypinksign"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-48056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-17T21:42:37Z",
    "nvd_published_at": "2023-11-16T18:15:07Z",
    "severity": "HIGH"
  },
  "details": "PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.",
  "id": "GHSA-fxff-wxxv-c2jc",
  "modified": "2024-10-14T17:04:19Z",
  "published": "2023-11-16T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48056"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bandoche/PyPinkSign/issues/29"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bandoche/PyPinkSign/commit/e1809ddf6a266e9007e10f0486b462fa7f89a43d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bandoche/PyPinkSign"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bandoche/PyPinkSign/blob/main/pypinksign/pypinksign.py#L504"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bandoche/PyPinkSign/blob/main/pypinksign/pypinksign.py#L537"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pypinksign/PYSEC-2023-245.yaml"
    },
    {
      "type": "WEB",
      "url": "https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption"
}

GHSA-FXHG-25Q8-4697

Vulnerability from github – Published: 2022-11-07 12:00 – Updated: 2025-06-24 18:33
VLAI
Details

An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-44795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-07T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Object First 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, an attacker can get access to system logs. An attacker would need credentials to exploit this vulnerability. This is fixed in 1.0.13.1611.",
  "id": "GHSA-fxhg-25q8-4697",
  "modified": "2025-06-24T18:33:07Z",
  "published": "2022-11-07T12:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44795"
    },
    {
      "type": "WEB",
      "url": "https://objectfirst.com/security/of-20221024-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G24W-373R-5PXG

Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2022-11-01 23:37
VLAI
Summary
Use of Insufficiently Random Values in Apereo CAS
Details

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apereo.cas:cas-server-support-simple-mfa"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.1.0-RC5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apereo.cas:cas-server-support-oidc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.1.0-RC5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apereo.cas:cas-server-core-services-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.1.0-RC5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apereo.cas:cas-server-support-oauth-core-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.1.0-RC5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apereo.cas:cas-server-support-shell"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.1.0-RC5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apereo.cas:cas-server-core-services-authentication"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.1.0-RC5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10754"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-01T23:37:32Z",
    "nvd_published_at": "2019-09-23T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG\u0027s algorithm not being cryptographically strong.",
  "id": "GHSA-g24w-373r-5pxg",
  "modified": "2022-11-01T23:37:32Z",
  "published": "2022-05-24T16:56:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10754"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apereo/cas/commit/40bf278e66786544411c471de5123e7a71826b9f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apereo/cas"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467402"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467404"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467406"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468868"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468869"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of Insufficiently Random Values in Apereo CAS"
}

GHSA-G3P2-HFQR-9M25

Vulnerability from github – Published: 2021-11-23 17:54 – Updated: 2023-06-30 20:31
VLAI
Summary
Improper file handling in concrete5/core
Details

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "concrete5/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.5.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-22968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-98"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-22T19:41:50Z",
    "nvd_published_at": "2021-11-19T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it\u0027s possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration. To fix this, a check for allowed file extensions was added before downloading files to a tmp directory",
  "id": "GHSA-g3p2-hfqr-9m25",
  "modified": "2023-06-30T20:31:40Z",
  "published": "2021-11-23T17:54:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22968"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1350444"
    },
    {
      "type": "WEB",
      "url": "https://documentation.concretecms.org/developers/introduction/version-history/857-release-notes"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/olsgreen/concrete5-core"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper file handling in concrete5/core"
}

GHSA-G3WC-XV93-445Q

Vulnerability from github – Published: 2022-12-18 12:30 – Updated: 2022-12-22 23:06
VLAI
Summary
DNS NuGet package uses insufficiently random values
Details

A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 can address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "DNS"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-4248"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-22T23:06:24Z",
    "nvd_published_at": "2022-12-18T11:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 can address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188.",
  "id": "GHSA-g3wc-xv93-445q",
  "modified": "2022-12-22T23:06:24Z",
  "published": "2022-12-18T12:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4248"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kapetan/dns/pull/88"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kapetan/dns/commit/cf7105aa2aae90d6656088fe5a8ee1d5730773b6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kapetan/dns"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kapetan/dns/releases/tag/v7.0.0"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.216188"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "DNS NuGet package uses insufficiently random values"
}

GHSA-G4Q8-QVC6-PX3P

Vulnerability from github – Published: 2022-07-12 00:00 – Updated: 2022-07-19 00:00
VLAI
Details

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-35163"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-11T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,\nversions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.",
  "id": "GHSA-g4q8-qvc6-px3p",
  "modified": "2022-07-19T00:00:25Z",
  "published": "2022-07-12T00:00:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35163"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G5X6-QXV4-VXW3

Vulnerability from github – Published: 2024-03-28 03:30 – Updated: 2025-01-14 06:32
VLAI
Details

Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to change settings via the internet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-28T01:15:47Z",
    "severity": "MODERATE"
  },
  "details": "Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to change settings via the internet.",
  "id": "GHSA-g5x6-qxv4-vxw3",
  "modified": "2025-01-14T06:32:00Z",
  "published": "2024-03-28T03:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28013"
    },
    {
      "type": "WEB",
      "url": "https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
    },
    {
      "type": "WEB",
      "url": "https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G82M-Q2G7-55JC

Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:29
VLAI
Details

In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27630"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-10T17:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.",
  "id": "GHSA-g82m-q2g7-55jc",
  "modified": "2024-04-04T08:29:52Z",
  "published": "2023-10-10T18:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27630"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01"
    },
    {
      "type": "WEB",
      "url": "https://www.forescout.com"
    },
    {
      "type": "WEB",
      "url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
  • In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
  • Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Implementation

Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.

Mitigation MIT-2
Architecture and Design Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-485: Signature Spoofing by Key Recreation

An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.