Vulnerabilities > CVE-2023-45236 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
tianocore
CWE-338

Summary

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.