CVE-2003-1230Small Space of Random Values in Cisco IOS

CWE-334Small Space of Random ValuesCWE-422Shatter6 documents4 sources
Severity
6.4MEDIUMNVD
EPSS
0.5%
top 33.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedDec 31
Latest updateApr 29

Description

The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

ciscocisco/ios

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-7hx3-c6gv-rvgg: The implementation of SYN cookies (syncookies) in FreeBSD 42022-04-29

📋Vendor Advisories

2
Cisco
Cisco IOS Software TCP Initial Sequence Number Randomization Improvements2001-03-01
Cisco
Cisco IOS Software TCP Initial Sequence Number Randomization Improvements

📐Framework References

2
CWE
Small Space of Random Values
CWE
Unprotected Windows Messaging Channel ('Shatter')
CVE-2003-1230 — Small Space of Random Values in Cisco | cvebase