SB2021051313 - Use of insufficiently random values in Siemens Linux Based Products




Published: May 13, 2021
Updated: August 15, 2021

Security Bulletin ID: SB2021051313
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Use of insufficiently random values (CVE-ID: CVE-2020-25705)

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw was found in the way the Linux kernel limits ICMP reply packets; it allows open UDP ports to be scanned quickly. The flaw allows an off-path remote attacker to effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well.


Remediation

Install the update from the vendor's website.