CVE-2018-7356

EPSS 0.19%
Veröffentlicht 01.11.2018 13:29:00
Zuletzt bearbeitet 21.11.2024 04:12:03
Quelle psirt@zte.com.cn
CVE-Watchlists
Login
Unerledigt
Login

All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zte ≫ Zxr10 8905e Firmware Version <= 3.03.10.b23p2

Zte ≫ Zxr10 8905e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.376

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
psirt@zte.com.cn	5.6	2.2	3.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009783

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-7356

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-7356

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-7356

EUVD