Use of insufficiently random values in PicoTCP and PicoTCP-NG

#VU50599 Use of insufficiently random values in PicoTCP and PicoTCP-NG

Published: 2021-02-10

Vulnerability identifier: #VU50599

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27635

CWE-ID: CWE-330

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PicoTCP
Server applications / Other server solutions
PicoTCP-NG
Server applications / Other server solutions

Vendor: Altran EESY

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the ISN generator relies on LCG, which is reversible from observed output streams. A remote attacker can interfere with traffic, spoof the connection and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

PicoTCP: 1.7.0

PicoTCP-NG: All versions

External links
http://www.forescout.com/company/blog/numberjack-forescout-research-labs-finds-nine-isn-generation-vulnerabilities-affecting-tcpip-stacks/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Use of insufficiently random values in PicoTCP and PicoTCP-NG