Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0288 — Reliance on Security Through Obscurity in Cisco IOS

CWE-656 — Reliance on Security Through Obscurity CWE-657 — Violation of Secure Design Principles5 documents4 sources

Severity

7.5HIGHNVD

EPSS

4.0%

top 11.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco IOS

Timeline

PublishedMay 3

Latest updateApr 30

Description

Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/ios12.1

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-85gx-fwrr-6mpx: Cisco switches and routers running IOS 12↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 2.2 - Predictable TCP Initial Sequence Number↗1999-09-27

▶

📐Framework References

CWE

Reliance on Security Through Obscurity↗

▶

CWE

Violation of Secure Design Principles↗

▶