TCP Implementations with Random Initial Sequence Numbers Vulnerability in Multiple Products
CVE-2001-0328

Currently unrated

Key Information:

CVE Published: 27 June 2001

What is CVE-2001-0328?

This vulnerability affects TCP implementations that use random increments to generate initial sequence numbers (ISNs). A remote attacker can hijack or disrupt sessions by injecting a flood of packets carrying a range of ISN values, one of which may match the expected ISN. Such attacks can lead to unauthorized access and data breaches, posing significant risks to the integrity and confidentiality of communications.

EPSS Score

28% chance of being exploited in the next 30 days.
