CVE-2001-0328
Published 2001-06-27
CVE-2001-0328: TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by…
Priority: P4·26·medium·5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 18.13% (96.8th percentile)
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
CVSS provenance
nvd·v2.0·5.0·MEDIUM·AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat·5.0·MEDIUM
GHSA
ghsa_unreviewed·2022-05-03
CVE-2001-0328 [MEDIUM] GHSA-jvrp-wcjq-4xx5: TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruptio
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN.
Red Hat
kernel: TCP connection ISN hijacks
vendor_redhat·2001-05-01·CVSS 5.0
CVE-2001-0328 [MEDIUM] kernel: TCP connection ISN hijacks
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN.
Statement: This issue did NOT affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel-rt (Red Hat Enterprise MRG 2) - Not affected
Cisco
Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
vendor_cisco·2001-03-01
CVE-1999-0077 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Cisco IOS® Software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers.
This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.
To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in DDTS record CSCds04747.
Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged
Cisco
Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
vendor_cisco
CVE-2001-0328 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Cisco IOS® Software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers. This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts. To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in DDTS record CSCds04747.
Bug IDs: CSCds04747
No detection rules found.
CWE
Reliance on Security Through Obscurity
mitre_cwe·CVSS 5.0
[MEDIUM] CWE-656 Reliance on Security Through Obscurity
The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.
This reliance on "security through obscurity" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Confidentiality,
CWE
Violation of Secure Design Principles
mitre_cwe
CWE-657 Violation of Secure Design Principles
The product violates well-established principles for secure design.
This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.
Modes of Introduction:
Phase: Architecture and Design
Common Consequences:
Scope: Other. Impact: Other.
Examples:
Switches may revert their functionality to that of hubs when the table used to map ARP information to the switch interface overflows, such as when under a spoofing attack. This results in traffic being broadcast to an eavesdropper, instead of being sent only on the relevant switch interface. To mitigate this type of problem, the developer coul
References
ftp://patches.sgi.com/support/free/security/advisories/20030201-01-P
http://secunia.com/advisories/8044
http://securityreason.com/securityalert/57
http://www.cert.org/advisories/CA-2001-09.html
http://www.securityfocus.com/bid/2682
http://www.securitytracker.com/id/1033181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4922
https://support.f5.com/csp/article/K19063943?utm_source=f5support&%3Butm_medium=RSS