Vulnerability Details CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.4%
CVSS Severity
CVSS v3 Score 5.8
References
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
- https://security.netapp.com/advisory/ntap-20240307-0011/
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
- https://security.netapp.com/advisory/ntap-20240307-0011/
Products affected by CVE-2023-45236
-
cpe:2.3:a:tianocore:edk2:-
-
cpe:2.3:a:tianocore:edk2:2017-11-07
-
cpe:2.3:a:tianocore:edk2:201808
-
cpe:2.3:a:tianocore:edk2:201811
-
cpe:2.3:a:tianocore:edk2:201903
-
cpe:2.3:a:tianocore:edk2:201905
-
cpe:2.3:a:tianocore:edk2:201908
-
cpe:2.3:a:tianocore:edk2:201911
-
cpe:2.3:a:tianocore:edk2:2020-10-21
-
cpe:2.3:a:tianocore:edk2:202002
-
cpe:2.3:a:tianocore:edk2:202005
-
cpe:2.3:a:tianocore:edk2:202008
-
cpe:2.3:a:tianocore:edk2:202011
-
cpe:2.3:a:tianocore:edk2:202102
-
cpe:2.3:a:tianocore:edk2:202105
-
cpe:2.3:a:tianocore:edk2:202108
-
cpe:2.3:a:tianocore:edk2:202111
-
cpe:2.3:a:tianocore:edk2:202202
-
cpe:2.3:a:tianocore:edk2:202205
-
cpe:2.3:a:tianocore:edk2:202208
-
cpe:2.3:a:tianocore:edk2:202211
-
cpe:2.3:a:tianocore:edk2:202302
-
cpe:2.3:a:tianocore:edk2:202305
-
cpe:2.3:a:tianocore:edk2:202308
-
cpe:2.3:a:tianocore:edk2:202311