Network Protocol Vulnerability in Fuchsia by Google
CVE-2024-10604
6.9MEDIUM
Summary
The vulnerability in Fuchsia relates to the algorithms that generate key network protocol header fields including TCP Initial Sequence Numbers (ISN), TCP timestamps, source ports for both TCP and UDP, and the fragment IDs for IPv4 and IPv6. Due to weaknesses in these algorithms, it is possible for an attacker to predict these values under specific conditions. This can lead to various security risks, including session hijacking and unauthorized access to sensitive data, making it essential for users and systems relying on Fuchsia to assess and implement necessary security measures.
Affected Version(s)
Fuchsia Release F19
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved