← voltar
CVE-2023-45237

Use of a Weak PseudoRandom Number Generator in EDK II Network Package

CVSS 5.3 MEDIUMEPSS 1.0%CWE-338
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
TianoCore · edk2

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7hhttps://security.netapp.com/advisory/ntap-20240307-0011/https://www.kb.cert.org/vuls/id/132380http://www.openwall.com/lists/oss-security/2024/01/16/2