CVE-2008-3612

EPSS 2.52%
Veröffentlicht 11.09.2008 01:13:09
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPhone OS Version >= 2.0.0 <= 2.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.52%	0.84

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html

Vendor Advisory

Mailing List

http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html

Vendor Advisory

Mailing List

http://secunia.com/advisories/31823

Vendor Advisory

Broken Link

http://secunia.com/advisories/31900

Vendor Advisory

Broken Link

http://support.apple.com/kb/HT3026

Vendor Advisory

http://support.apple.com/kb/HT3129

Vendor Advisory

http://www.vupen.com/english/advisories/2008/2525

Vendor Advisory

Broken Link

http://www.vupen.com/english/advisories/2008/2558

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/31092

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id?1020848

Third Party Advisory

Broken Link

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2008-3612

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3612

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3612

EUVD