Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-18625

Опубликовано: 06 янв. 2020
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:oisf:suricata:5.0.0:-:*:*:*:*:*:*

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 48%
0.00254
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2019-18625

CVSS3: 7.5
ubuntu
около 6 лет назад

An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets.

debian логотип

CVE-2019-18625

CVSS3: 7.5
debian
около 6 лет назад

An issue was discovered in Suricata 5.0.0. It was possible to bypass/e ...

github логотип

GHSA-h726-j7j2-xhpf

CVSS3: 7.5
github
больше 3 лет назад

An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets.

fstec логотип

BDU:2023-06878

CVSS3: 9.1
fstec
около 6 лет назад

Уязвимость системы обнаружения и предотвращения вторжений Suricata, связанная с некорректным подтверждением значения проверки целостности, позволяющая нарушителю обойти или нейтрализовать любую сигнатуру основанную на протоколе TCP

EPSS

Процентиль: 48%
0.00254
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo