Vulnerabilities > CVE-2014-5409 - Predictable Random Number Generator Weakness in General Electric (GE) Hydran M2

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ge

Summary

The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. <a href="http://cwe.mitre.org/data/definitions/330.html">CWE-330: Use of Insufficiently Random Values</a>

Vulnerable Configurations

Part Description Count
Hardware
Ge
1