CVE-2023-45236

Published: 16 Jan 2024
Source: redhat
CVSS3: 7.5

Description

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

A security flaw has been identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker to potentially disclose sensitive information.

Report

The identified flaw in the NetworkPkg IP stack within EDK2, an open-source UEFI implementation, poses a moderate security concern, as an unauthenticated attacker within the same local network can exploit it.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Additional information

Status: Moderate
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2258703 edk2: Predictable TCP Initial Sequence Numbers

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 5.8
ubuntu
more than 1 year ago

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

CVSS3: 5.8
nvd
more than 1 year ago

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

CVSS3: 7.5
msrc
about 1 year ago

No description available

CVSS3: 5.8
debian
more than 1 year ago

EDK2's Network Package is susceptible to a predictable TCP Initial Seq ...

CVSS3: 5.8
github
more than 1 year ago

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
