Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0230 — Small Space of Random Values in Network Data Loss Prevention

CWE-334 — Small Space of Random Values CWE-39924 documents10 sources

Severity

5.0MEDIUMNVD

EPSS

9.3%

top 7.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Juniper Junos Mcafee Network Data Loss Prevention IBM OS 400 +8 more

Timeline

PublishedAug 18

Latest updateJul 27

Description

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages10 packages

▶NVDmcafee/network_data_loss_prevention8.6+3

▶NVDjuniper/junos< 11.4+14

▶NVDsun/sunos5.10, 5.11+1

▶NVDibm/os_400r530, r535+1

▶debiandebian/linux

Also affects: Netbsd 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1, 1.6.2, 2.0

Patches

Patch: www.oracle.com ↗Patch: kc.mcafee.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-r5mm-hvcj-hj6j: Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a dif↗2022-05-17

▶

GHSA

GHSA-58p6-7f25-xqv3: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to↗2022-05-03

▶

GHSA

GHSA-vpm6-vh97-9hqc: Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TC↗2022-05-01

▶

OSV

CVE-2004-0230: TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to↗2004-08-18

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)↗2005-04-17

▶

Exploit-DB

Multiple Vendor - TCP Sequence Number Approximation (4)↗2004-04-23

▶

Exploit-DB

TCP Connection Reset - Remote Denial of Service↗2004-04-23

▶

Exploit-DB

Microsoft Windows XP/2000 - TCP Connection Reset↗2004-04-22

▶

Exploit-DB

Multiple Vendor - TCP Sequence Number Approximation (3)↗2004-04-20

▶

📋Vendor Advisories

BSD

FreeBSD-SA-14:19.tcp: Denial of Service in TCP packet processing↗2014-09-16

▶

Cisco

TCP Vulnerabilities in Multiple Non-IOS Cisco Products↗2004-04-21

▶

Cisco

TCP Vulnerabilities in Multiple IOS-Based Cisco Products↗2004-04-21

▶

Debian

CVE-2004-0230: linux - TCP, when using a large Window Size, makes it easier for remote attackers to gue...↗2004

▶

Cisco

TCP Vulnerabilities in Multiple IOS-Based Cisco Products↗

▶

🕵️Threat Intelligence

Trendmicro

Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack↗2022-07-27

▶

Trendmicro

Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack↗2022-07-27

▶

Trendmicro

Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack↗2022-07-27

▶

📐Framework References

CWE

Small Space of Random Values↗

▶