CVE-2020-27213
First published: Tue Oct 10 2023(Updated: )
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ethernut Nut\/os | =5.1 | |
| Multiple Nut/Net, Version 5.1 and prior | ||
| Multiple CycloneTCP, Version 1.9.6 and prior | ||
| Multiple NDKTCPIP, Version 2.25 and prior | ||
| Multiple FNET, Version 4.6.3 | ||
| Multiple uIP-Contiki-OS (end-of-life [EOL]), Version 3.0 and prior | ||
| Multiple uC/TCP-IP (EOL), Version 3.6.0 and prior | ||
| Multiple uIP-Contiki-NG, Version 4.5 and prior | ||
| Multiple uIP (EOL), Version 1.0 and prior | ||
| Multiple picoTCP-NG, Version 1.7.0 and prior | ||
| Multiple picoTCP (EOL), Version 1.7.0 and prior | ||
| Multiple MPLAB Net, Version 3.6.1 and prior | ||
| Multiple Nucleus NET, All versions prior to Version 5.2 | ||
| Multiple Nucleus ReadyStart for ARM, MIPS, and PPC, All versions prior to Version 2012.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/author
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ethernut
- canonical/ethernut nut\/os
- version/ethernut nut\/os/5.1
- vendor/multiple
- canonical/multiple nut/net, version 5.1 and prior
- canonical/multiple cyclonetcp, version 1.9.6 and prior
- canonical/multiple ndktcpip, version 2.25 and prior
- canonical/multiple fnet, version 4.6.3
- canonical/multiple uip-contiki-os (end-of-life [eol]), version 3.0 and prior
- canonical/multiple uc/tcp-ip (eol), version 3.6.0 and prior
- canonical/multiple uip-contiki-ng, version 4.5 and prior
- canonical/multiple uip (eol), version 1.0 and prior
- canonical/multiple picotcp-ng, version 1.7.0 and prior
- canonical/multiple picotcp (eol), version 1.7.0 and prior
- canonical/multiple mplab net, version 3.6.1 and prior
- canonical/multiple nucleus net, all versions prior to version 5.2
- canonical/multiple nucleus readystart for arm, mips, and ppc, all versions prior to version 2012.12