CVE-2020-27213 - Vulnerability Details - OpenCVE

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ethernut	Nut\/os

Configuration 1 [-]

cpe:2.3:o:ethernut:nut\/os:5.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.egnite.de/mailman/listinfo/en-nut-announce
http://www.ethernut.de/en/download/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01
https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/

History

Thu, 19 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-10T00:00:00

Updated: 2024-09-19T15:40:41.539Z

Reserved: 2020-10-19T00:00:00

Link: CVE-2020-27213

Vulnrichment

Updated: 2024-08-04T16:11:35.970Z

NVD

Status : Modified

Published: 2023-10-10T17:15:10.337

Modified: 2024-11-21T05:20:52.110

Link: CVE-2020-27213

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-27213", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-19T15:40:41.539Z", "dateReserved": "2020-10-19T00:00:00", "datePublished": "2023-10-10T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-10T16:28:06.631286"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://www.ethernut.de/en/download/index.html"}, {"url": "http://lists.egnite.de/mailman/listinfo/en-nut-announce"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01"}, {"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:11:35.970Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.ethernut.de/en/download/index.html", "tags": ["x_transferred"]}, {"url": "http://lists.egnite.de/mailman/listinfo/en-nut-announce", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01", "tags": ["x_transferred"]}, {"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-19T15:40:31.195595Z", "id": "CVE-2020-27213", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T15:40:41.539Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.ethernut.de/en/download/index.html", "tags": ["x_transferred"]}, {"url": "http://lists.egnite.de/mailman/listinfo/en-nut-announce", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01", "tags": ["x_transferred"]}, {"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:11:35.970Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-27213", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-19T15:40:31.195595Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T15:40:35.819Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://www.ethernut.de/en/download/index.html"}, {"url": "http://lists.egnite.de/mailman/listinfo/en-nut-announce"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01"}, {"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-10T16:28:06.631286"}}}, "cveMetadata": {"cveId": "CVE-2020-27213", "state": "PUBLISHED", "dateUpdated": "2024-09-19T15:40:41.539Z", "dateReserved": "2020-10-19T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-10-10T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ethernut:nut\\/os:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "33F926DD-C48D-4FB6-9CEC-E48DC7FDA4D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Ethernut Nut/OS 5.1. El c\u00f3digo que genera Initial Sequence Numbers (ISN) para conexiones TCP deriva el ISN de una fuente insuficientemente aleatoria. Como resultado, un atacante puede determinar el ISN de las conexiones TCP actuales y futuras y secuestrar las existentes o falsificar las futuras. Si bien el generador de ISN parece cumplir con RFC 793 (donde un contador global de 32 bits se incrementa aproximadamente cada 4 microsegundos), la generaci\u00f3n de ISN adecuada debe aspirar a seguir al menos las especificaciones descritas en RFC 6528."}], "id": "CVE-2020-27213", "lastModified": "2024-11-21T05:20:52.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-10T17:15:10.337", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://lists.egnite.de/mailman/listinfo/en-nut-announce"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "http://www.ethernut.de/en/download/index.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://lists.egnite.de/mailman/listinfo/en-nut-announce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "http://www.ethernut.de/en/download/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}]}