← volver
CVE-2023-45237

Use of a Weak PseudoRandom Number Generator in EDK II Network Package

CVSS 5.3 MEDIUMEPSS 1.0%CWE-338
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
TianoCore · edk2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7hhttps://security.netapp.com/advisory/ntap-20240307-0011/https://www.kb.cert.org/vuls/id/132380http://www.openwall.com/lists/oss-security/2024/01/16/2