Vulnerabilities > CVE-2023-45237 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tianocore

CWE-338

NVD

Published: 2024-01-16

Updated: 2024-03-07

Summary

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

Vulnerable Configurations

Part	Description	Count
Application	Tianocore Tianocore Edk2 - Tianocore Edk2 2017-11-07 Tianocore Edk2 2020-10-21 Tianocore Edk2 201808 Tianocore Edk2 201811 Tianocore Edk2 201903 Tianocore Edk2 201905 Tianocore Edk2 201908 Tianocore Edk2 201911 Tianocore Edk2 202002 Tianocore Edk2 202005 Tianocore Edk2 202008 Tianocore Edk2 202011 Tianocore Edk2 202102 Tianocore Edk2 202105 Tianocore Edk2 202108 Tianocore Edk2 202111 Tianocore Edk2 202202 Tianocore Edk2 202205 Tianocore Edk2 202208 Tianocore Edk2 202211 Tianocore Edk2 202302 Tianocore Edk2 202305 Tianocore Edk2 202308 Tianocore Edk2 202311	30

Common Weakness Enumeration (CWE)

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References