Published: 16/01/2024 Updated: 07/03/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Confidentiality.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tianocore edk2

Debian Bug report logs - #1061256 edk2: CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 CVE-2023-45236 CVE-2023-45237 Package: src:edk2; Maintainer for src:edk2 is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@de ...

Debian Bug report logs - #1063726 edk2: CVE-2023-45236 Package: src:edk2; Maintainer for src:edk2 is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 21 Jan 2024 15:57:01 UTC Severity: important Found in version edk2/202311-5 Forwarded t ...

Debian Bug report logs - #1063727 edk2: CVE-2023-45237 Package: src:edk2; Maintainer for src:edk2 is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 21 Jan 2024 15:57:01 UTC Severity: important Found in version edk2/202311-5 Forwarded t ...

DescriptionThis CVE is under investigation by Red Hat Product Security ...

CWE-338 https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h http://www.openwall.com/lists/oss-security/2024/01/16/2 https://security.netapp.com/advisory/ntap-20240307-0011/https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256 https://access.redhat.com/security/cve/cve-2023-45236

CVE-2023-45236

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect