CVE-2014-5409

The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101
https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:h:ge:hydran_m2:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-03-14 01:59

Updated : 2015-03-16 16:26

NVD link : CVE-2014-5409

Mitre link : CVE-2014-5409

CVE.ORG link : CVE-2014-5409

JSON object : View

Products Affected

hydran_m2

CWE

NVD-CWE-Other

{"id": "CVE-2014-5409", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-14T01:59:00.067", "references": [{"url": "http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values."}, {"lang": "es", "value": "La tarjeta Ethernet 17046 anterior a 94450214LFMT100SEM-L.R3-CL para el GE Digital Energy Hydran M2 no genera de forma adecuada valores aleatrorios de TCP Initial Sequence Numbers (ISNs), lo que hace m\u00e1s f\u00e1cil a atacantes remotos suplantar paquetes mediante la predicci\u00f3n de dichos valores."}], "lastModified": "2015-03-16T16:26:28.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:hydran_m2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B9F1FE4-F235-4238-ABC0-9D31A22255B4"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/330.html\">CWE-330: Use of Insufficiently Random Values</a>", "sourceIdentifier": "ics-cert@hq.dhs.gov"}

5.0 /10