Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1463

CWE-3425 documents5 sources
Severity
7.5HIGH
EPSS
13.4%
top 5.81%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Symantec Enterprise FirewallSymantec Gateway SecuritySymantec Raptor Firewall+1 more
Timeline
PublishedJun 9
Latest updateApr 30

Description

Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

NVDsymantec/raptor_firewall6.5, 6.5.3+1
NVDsymantec/velociraptor6 versions+5
NVDsymantec/gateway_security5110, 5200, 5300+2

Patches

Patch: archives.neohapsis.comPatch: www.symantec.comPatch: archives.neohapsis.com

🔴Vulnerability Details

2
GHSA
GHSA-qmx6-x96x-xp97: Symantec Raptor Firewall 62022-04-30
CVEList
CVE-2002-1463: Symantec Raptor Firewall 62004-09-01

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel 2.2 - Predictable TCP Initial Sequence Number1999-09-27

📐Framework References

1
CWE
Predictable Exact Value from Previous Values