CVE-2020-27635
Published Oct 10, 2023
In PicoTCP 1.7.0, TCP ISNs are improperly random.
Affected Software
14 affected components
Capgemini Picotcp=1.7.0
Multiple Nut/Net, Version 5.1 and prior
Multiple CycloneTCP, Version 1.9.6 and prior
Multiple NDKTCPIP, Version 2.25 and prior
Multiple FNET, Version 4.6.3
Multiple uIP-Contiki-OS (end-of-life [EOL]), Version 3.0 and prior
Multiple uC/TCP-IP (EOL), Version 3.6.0 and prior
Multiple uIP-Contiki-NG, Version 4.5 and prior
Multiple uIP (EOL), Version 1.0 and prior
Multiple picoTCP-NG, Version 1.7.0 and prior
Multiple picoTCP (EOL), Version 1.7.0 and prior
Multiple MPLAB Net, Version 3.6.1 and prior
Multiple Nucleus NET, All versions prior to Version 5.2
Multiple Nucleus ReadyStart for ARM, MIPS, and PPC, All versions prior to Version 2012.12
Event History
Oct 10, 2023: CVE Published (via MITRE, 12:00 AM)
Oct 10, 2023: Data Sourced (via MITRE, 12:00 AM)
Frequently Asked Questions
1. What is the severity of CVE-2020-27635?
   CVE-2020-27635 has a medium severity rating due to its impact on TCP session integrity.
2. How do I fix CVE-2020-27635?
   To mitigate CVE-2020-27635, update the affected software to the latest versions that resolve the improper TCP ISN generation.
3. Which software versions are affected by CVE-2020-27635?
   CVE-2020-27635 affects multiple software products, including PicoTCP 1.7.0 and prior, as well as various versions of Nut/Net, CycloneTCP, and NDKTCPIP.
4. What is the risk of exploiting CVE-2020-27635?
   Exploiting CVE-2020-27635 could allow an attacker to hijack TCP connections, intercepting or injecting data into the traffic.
5. Is CVE-2020-27635 relevant to embedded systems?
   Yes, CVE-2020-27635 is particularly relevant for embedded systems using affected TCP/IP stacks, which may be less monitored.