Information Disclosure in NetBSD TCP Sequence Number Generation
CVE-2021-45488

7.5 HIGH

Key Information:

Vendor: NetBSD

Status
Vendor
CVE Published: 25 December 2021

What is CVE-2021-45488?

CVE-2021-45488 affects the TCP initial sequence number (ISN) generation mechanism in NetBSD, which may inadvertently disclose sensitive information. An attacker who exploits this weakness can potentially predict TCP sequence numbers, enabling session hijacking or man-in-the-middle attacks. The issue is present in NetBSD versions up to 9.2; affected systems should be updated promptly to mitigate the risks of insecure sequence number generation. For detailed security advisories, refer to the related documentation provided by NetBSD.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
