Vulnerabilities > CVE-2023-45237 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
- https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
- https://security.netapp.com/advisory/ntap-20240307-0011/
- https://security.netapp.com/advisory/ntap-20240307-0011/