ghsa-j6gp-g45q-2wm2
Vulnerability from github
Published
2022-05-24 17:41
Modified
2022-12-13 12:30
Severity
Details
A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2012.12). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.
{
"affected": [],
"aliases": [
"CVE-2020-28388"
],
"database_specific": {
"cwe_ids": [
"CWE-342"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-09T18:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Nucleus NET (All versions \u003c V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions \u003c V2012.12). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.",
"id": "GHSA-j6gp-g45q-2wm2",
"modified": "2022-12-13T12:30:22Z",
"published": "2022-05-24T17:41:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28388"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Loading...