CVE-2020-27633
Published Oct 10, 2023
·Updated
In FNET 4.6.3, TCP ISNs are improperly random.
Affected Software
14 affected components
Butok Fnet=4.6.3
Multiple Nut/Net, Version 5.1 and prior
Multiple CycloneTCP, Version 1.9.6 and prior
Multiple NDKTCPIP, Version 2.25 and prior
Multiple FNET, Version 4.6.3
Multiple uIP-Contiki-OS (end-of-life [EOL]), Version 3.0 and prior
Multiple uC/TCP-IP (EOL), Version 3.6.0 and prior
Multiple uIP-Contiki-NG, Version 4.5 and prior
Multiple uIP (EOL), Version 1.0 and prior
Multiple picoTCP-NG, Version 1.7.0 and prior
Multiple picoTCP (EOL), Version 1.7.0 and prior
Multiple MPLAB Net, Version 3.6.1 and prior
Multiple Nucleus NET, All versions prior to Version 5.2
Multiple Nucleus ReadyStart for ARM, MIPS, and PPC, All versions prior to Version 2012.12
Event History
Oct 10, 2023
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Frequently Asked Questions
1
What is the severity of CVE-2020-27633?
CVE-2020-27633 has a moderate severity rating due to its potential impact on TCP connections.
2
How do I fix CVE-2020-27633?
To fix CVE-2020-27633, update the affected software to the latest version where the randomization of TCP ISNs is properly implemented.
3
What are the potential impacts of CVE-2020-27633?
The potential impacts of CVE-2020-27633 include susceptibility to TCP connection hijacking or spoofing attacks.
4
Which software versions are affected by CVE-2020-27633?
CVE-2020-27633 affects FNET version 4.6.3 and multiple other embedded TCP/IP stacks prior to their respective fixed versions.
5
Is there a workaround for CVE-2020-27633?
Currently, there is no officially recommended workaround for CVE-2020-27633 other than upgrading the software to a patched version.