CVE-2015-3963

Sažetak

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01
http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01
http://www.securityfocus.com/bid/75302
http://www.securitytracker.com/id/1032730
https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A
http://www.securitytracker.com/id/1033181
https://security.netapp.com/advisory/ntap-20160324-0001/

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

22-07-2021 - 13:09

Objavljeno

04-08-2015 - 01:59