Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0751Reliance on Security Through Obscurity in Cisco Cbos

CWE-656Reliance on Security Through ObscurityCWE-657Violation of Secure Design Principles6 documents5 sources
Severity
7.5HIGHNVD
EPSS
10.3%
top 6.81%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco Cbos
Timeline
PublishedOct 18
Latest updateApr 30

Description

Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDcisco/cbos2.3.8

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-v59f-9wq8-3hgg: Cisco switches and routers running CBOS 22022-04-30
CVEList
CVE-2001-0751: Cisco switches and routers running CBOS 22002-03-09

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel 2.2 - Predictable TCP Initial Sequence Number1999-09-27

📐Framework References

2
CWE
Reliance on Security Through Obscurity
CWE
Violation of Secure Design Principles
CVE-2001-0751 — Reliance on Security Through Obscurity | cvebase