CVE-2008-3612

EPSS 2.52%
Published 11.09.2008 01:13:09
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.

Affected products Warnungen 0 Metrics 3 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ iPhone OS Version >= 2.0.0 <= 2.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.52%	0.84

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html

Vendor Advisory

Mailing List

http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html

Vendor Advisory

Mailing List

http://secunia.com/advisories/31823

Vendor Advisory

Broken Link

http://secunia.com/advisories/31900

Vendor Advisory

Broken Link

http://support.apple.com/kb/HT3026

Vendor Advisory

http://support.apple.com/kb/HT3129

Vendor Advisory

http://www.vupen.com/english/advisories/2008/2525

Vendor Advisory

Broken Link

http://www.vupen.com/english/advisories/2008/2558

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/31092

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id?1020848

Third Party Advisory

Broken Link

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2008-3612

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3612

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3612

EUVD