CVE-2023-45237 HIGH

Published: 2024-01-16 | Last Modified: 2025-11-04 | Status: Modified

Description

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

Additional Descriptions (1)

EDK2's Network Package es susceptible a Initial Sequence Number TCP predecible. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una pérdida de confidencialidad.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-338
[email protected]	Primary	en CWE-338

Affected Products

Vendor	Product	Version	Update	Type
tianocore	edk2	*	<built-in method update of dict object at 0x7b06ffc590c0>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:tianocore:edk2::::::::`

References

http://www.openwall.com/lists/oss-security/2024/01/16/2
Source: [email protected]

Mailing List
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
Source: [email protected]

Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0011/
Source: [email protected]
http://www.openwall.com/lists/oss-security/2024/01/16/2
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0011/
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.kb.cert.org/vuls/id/132380
Source: af854a3a-2127-422b-91ae-364da2661108