Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0162Reliance on Security Through Obscurity in Microsoft Windows Embedded Compact

CWE-656Reliance on Security Through ObscurityCWE-657Violation of Secure Design Principles5 documents4 sources
Severity
7.5HIGHNVD
EPSS
7.3%
top 8.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows Embedded Compact
Timeline
PublishedJan 1
Latest updateApr 30

Description

WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-3r7x-xp2q-64p6: WinCE 32022-04-30

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel 2.2 - Predictable TCP Initial Sequence Number1999-09-27

📐Framework References

2
CWE
Reliance on Security Through Obscurity
CWE
Violation of Secure Design Principles
CVE-2001-0162 — Reliance on Security Through Obscurity | cvebase