CVE-2020-27213
Published 2023-10-10
Priority P341, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.97% (57.5th percentile)
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.
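The two schemes named in the description, side by side, as an added example (not code from Nut/OS or from the advisory): the counter-only ISN of RFC 793 and the RFC 6528 form ISN = M + F(localip, localport, remoteip, remoteport, secretkey). HMAC-SHA-256 truncated to 32 bits is this example's choice for F, and the function names, addresses and timestamps are constructed for the illustration.

```python
import hashlib
import hmac
import os
import socket
import struct

TICK_US = 4          # timer M advances roughly once every 4 microseconds
MASK32 = 0xFFFFFFFF  # ISNs are 32-bit and wrap


def timer_m(now_us):
    """M: the global 32-bit counter driven by the 4 microsecond clock."""
    return (now_us // TICK_US) & MASK32


def isn_rfc793(now_us):
    """Counter-only ISN (ISN = M): identical for every connection at a given time."""
    return timer_m(now_us)


def isn_rfc6528(now_us, local_ip, local_port, remote_ip, remote_port, secret):
    """ISN = M + F(4-tuple, secret): a separate, secret sequence space per 4-tuple."""
    four_tuple = (socket.inet_aton(local_ip) + struct.pack("!H", local_port)
                  + socket.inet_aton(remote_ip) + struct.pack("!H", remote_port))
    # F: keyed PRF over the 4-tuple (assumption: HMAC-SHA-256, truncated to 32 bits)
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    return (timer_m(now_us) + int.from_bytes(digest[:4], "big")) & MASK32


def offset_between(isn_a, isn_b):
    """Distance from isn_a to isn_b in 32-bit sequence space."""
    return (isn_b - isn_a) & MASK32


def demo():
    secret = os.urandom(16)  # generated once at boot from a CSPRNG, never sent on the wire
    conn_a = ("192.0.2.10", 80, "198.51.100.7", 40000)  # constructed sample 4-tuples
    conn_b = ("192.0.2.10", 80, "198.51.100.8", 40001)
    t0, t1 = 1_000_000, 1_001_000  # constructed timestamps, 1000 us (250 ticks) apart
    return {
        # Counter only: the gap between any two ISNs is just the elapsed ticks.
        "rfc793_gap": offset_between(isn_rfc793(t0), isn_rfc793(t1)),
        # RFC 6528, same 4-tuple: still monotonic, so old segments do not collide.
        "rfc6528_same_tuple_gap": offset_between(
            isn_rfc6528(t0, *conn_a, secret), isn_rfc6528(t1, *conn_a, secret)),
        # RFC 6528, different 4-tuple: gap also depends on the secret-keyed F.
        "rfc6528_cross_tuple_gap": offset_between(
            isn_rfc6528(t0, *conn_a, secret), isn_rfc6528(t1, *conn_b, secret)),
    }


if __name__ == "__main__":
    print(demo())
```

An ISN observed on one connection therefore says nothing about the ISN of another connection unless the secret is known, while each individual connection keeps the monotonic behaviour RFC 793 intended.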
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethernut | nut_os | — | — |
CISA ICS
Multiple Embedded TCP/IP Stacks (Update B)
cisa_ics·2021-02-18
Last Revised: November 11, 2021
Alert Code: ICSA-21-042-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Multiple
- Equipment: Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart
- Vulnerabilities: Use of Insufficiently Random Values
CISA is aware of a public report, known as “NUMBER:JACK” that details vulnerabilities found in multiple open-source and proprietary TCP/IP stacks. CISA
GHSA
GHSA-5wm2-v84q-jw9v: An issue was discovered in Ethernut Nut/OS 5
ghsa_unreviewed·2023-10-10
CVE-2020-27213 [HIGH] CWE-330 GHSA-5wm2-v84q-jw9v: An issue was discovered in Ethernut Nut/OS 5
No detection rules found.
No public exploits indexed.
- http://lists.egnite.de/mailman/listinfo/en-nut-announce
- http://www.ethernut.de/en/download/index.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01
- https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/
2023-10-10
Published