CVE-2020-27634
Published Oct 10, 2023
In Contiki 4.5, TCP initial sequence numbers (ISNs) are improperly random.
Affected Software
14 affected components
Contiki-NG Contiki-NG, Version 4.5
Multiple Nut/Net, Version 5.1 and prior
Multiple CycloneTCP, Version 1.9.6 and prior
Multiple NDKTCPIP, Version 2.25 and prior
Multiple FNET, Version 4.6.3
Multiple uIP-Contiki-OS (end-of-life [EOL]), Version 3.0 and prior
Multiple uC/TCP-IP (EOL), Version 3.6.0 and prior
Multiple uIP-Contiki-NG, Version 4.5 and prior
Multiple uIP (EOL), Version 1.0 and prior
Multiple picoTCP-NG, Version 1.7.0 and prior
Multiple picoTCP (EOL), Version 1.7.0 and prior
Multiple MPLAB Net, Version 3.6.1 and prior
Multiple Nucleus NET, All versions prior to Version 5.2
Multiple Nucleus ReadyStart for ARM, MIPS, and PPC, All versions prior to Version 2012.12
Event History
Oct 10, 2023
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Frequently Asked Questions
1. What is CVE-2020-27634?
CVE-2020-27634 is a vulnerability in Contiki 4.5 where TCP ISNs are improperly random.
2. How severe is CVE-2020-27634?
CVE-2020-27634 has a severity rating of 9.1 (critical).
3. How does CVE-2020-27634 affect Contiki-NG 4.5?
CVE-2020-27634 affects Contiki-NG 4.5 by improperly randomizing TCP ISNs.
4. How can I fix CVE-2020-27634?
To fix CVE-2020-27634, update to a patched version of Contiki-NG 4.5 or apply any available security patches.
5. Are there any references for CVE-2020-27634?
Yes, you can find references for CVE-2020-27634 at the following links: [Link 1](https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01), [Link 2](https://www.forescout.com), [Link 3](https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/).