Vulnerability Name: | CVE-2001-1104 (CCN-139) |
Assigned: | 1995-01-01 |
Published: | 1995-01-01 |
Updated: | 2022-06-28 |
Summary: | SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): None Availibility (A): None |
|
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): None Availibility (A): None |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Bypass Security |
References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-00:52 TCP uses weak initial sequence numbers
Source: CCN Type: SGI Security Advisory 20020303-01-A IRIX TCP/IP Initial Sequence Numbers
Source: CCN Type: SGI Security Advisory 20020903-01-P IP denial-of-service fixes and tunings
Source: CCN Type: BugTraq Mailing List, Wed Jul 25 2001 - 18:17:28 CDT Weak TCP Sequence Numbers in Sonicwall SOHO Firewall
Source: CCN Type: BugTraq Mailing List, Thu May 30 2002 - 03:45:09 CDT 2 security problem Quantum SNAP server
Source: CCN Type: BugTraq Mailing List, Fri May 18 2007 - 08:36:10 CDT Predictable TCP ISN in Packeteer PacketShaper
Source: MITRE Type: CNA CVE-1999-0077
Source: MITRE Type: CNA CVE-2000-0328
Source: MITRE Type: CNA CVE-2000-0916
Source: MITRE Type: CNA CVE-2001-0288
Source: MITRE Type: CNA CVE-2001-0328
Source: MITRE Type: CNA CVE-2001-0751
Source: MITRE Type: CNA CVE-2001-1104
Source: MITRE Type: CNA CVE-2007-2782
Source: CCN Type: Hacker Emergency Response Team Security Advisory #00003 FreeBSD IP Spoofing
Source: CCN Type: SA25344 Packeteer PacketShaper TCP ISN Generation Weakness
Source: CCN Type: SA8044 SGI IRIX Multiple Vulnerabilities
Source: CCN Type: ASA-2007-416 HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) (HPSBUX02262)
Source: CCN Type: CERT Advisory CA-1995-01 IP Spoofing Attacks and Hijacked Terminal Connections
Source: CCN Type: CERT Advisory CA-2001-09 Statistical Weaknesses in TCP/IP Initial Sequence Numbers
Source: CCN Type: CIAC Information Bulletin K-006 Microsoft - Improve TCP Initial Sequence Number Randomness
Source: CCN Type: CIAC Information Bulletin L-003 FreeBSD TCP Sequence Number Vulnerability
Source: CCN Type: CIAC Information Bulletin L-053 Cisco IOS Software TCP Initial Sequence Number Improvements
Source: CCN Type: CIAC Information Bulletin L-086 Cisco Multiple Vulnerabilities in CBOS
Source: CCN Type: Cisco Systems Field Notice, May 22, 2001 Security Advisory: More Multiple Vulnerabilities in CBOS
Source: CCN Type: Cisco Systems Field Notice, February 28, 2001 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Source: CCN Type: US-CERT VU#498440 Multiple TCP/IP implementations may use statistically predictable initial sequence numbers
Source: CCN Type: Microsoft Product Support Services Windows NT Service Packs
Source: CCN Type: Microsoft Security Bulletin MS99-046 FAQ Microsoft Security Bulletin MS99-046: Frequently Asked Questions
Source: CCN Type: Microsoft Security Bulletin MS01-033 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure
Source: CCN Type: Microsoft Security Bulletin MS01-044 15 August 2001 Cumulative Patch for IIS
Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733)
Source: CCN Type: Microsoft Security Bulletin MS02-062 Cumulative Patch for Internet Information Service (Q327696)
Source: CCN Type: Microsoft Security Bulletin MS03-018 Cumulative Patch for Internet Information Service (811114)
Source: CCN Type: Microsoft Security Bulletin MS99-046 Patch Available to Improve TCP Initial Sequence Number Randomness
Source: CCN Type: NetScreen Security Alert 51897 Predictable TCP Initial Sequence Numbers
Source: CCN Type: OSVDB ID: 199 Multiple Vendor TCP/IP ISN Sequence Prediction Weakness
Source: CCN Type: OSVDB ID: 36226 Packeteer PacketShaper TCP ISN Prediction
Source: CCN Type: OSVDB ID: 4409 SonicWALL SOHO Firewall Predictable TCP Sequence
Source: CCN Type: OSVDB ID: 45877 Aztech DSL600EU Router TCP Sequence Prediction Web Interface Access
Source: CCN Type: Packeteer Web site PacketShaper
Source: BUGTRAQ Type: Third Party Advisory, VDB Entry, Vendor Advisory 20010725 Weak TCP Sequence Numbers in Sonicwall SOHO Firewall
Source: CCN Type: BID-107 Portmaster Predictable TCP Initial Sequence Number Vulnerability
Source: CCN Type: BID-1766 BSD Weak initial Sequence Number Vulnerability
Source: CCN Type: BID-24048 Packeteer PacketShaper ISN TCP Packet Spoofing Vulnerability
Source: CCN Type: BID-2682 Multiple Vendor TCP Initial Sequence Number Statistical Vulnerability
Source: BID Type: Third Party Advisory, VDB Entry, Vendor Advisory 3098
Source: CCN Type: BID-3098 SonicWALL SOHO Firewall Predictable TCP Initial Sequence Number Vulnerability
Source: CCN Type: BID-4892 Quantum Snap Server Predictable TCP Sequence Number Vulnerability
Source: CCN Type: BID-604 NT Predictable TCP Sequence Number Vulnerability
Source: CCN Type: BID-6249 NetScreen ScreenOS Predictable Initial TCP Sequence Number Vulnerability
Source: CCN Type: BID-670 Linux Predictable TCP Initial Sequence Number Vulnerability
Source: CCN Type: Proceedings of the Fifth USENIX UNIX Security Symposium, June 1995 Simple Active Attack Against TCP
Source: XF Type: UNKNOWN tcp-seq-predict(139)
Source: CCN Type: Microsoft Knowledge Base Article 192292 Unpredictable TCP Sequence Numbers in SP4
Source: CCN Type: Microsoft Knowledge Base Article 243835 How to Prevent Predictable TCP/IP Initial Sequence Numbers
|
Vulnerable Configuration: | Configuration 1: cpe:/o:sonicwall:soho_firmware:4.0.0:*:*:*:*:*:*:*AND cpe:/h:sonicwall:soho:-:*:*:*:*:*:*:* Configuration 2: cpe:/o:sonicwall:soho_firmware:5.0.0:*:*:*:*:*:*:*AND cpe:/h:sonicwall:soho:-:*:*:*:*:*:*:* Configuration 3: cpe:/o:sonicwall:soho_firmware:5.1.5.0:*:*:*:*:*:*:*AND cpe:/h:sonicwall:soho:-:*:*:*:*:*:*:* Configuration CCN 1: cpe:/o:ibm:aix:*:*:*:*:*:*:*:*OR cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*OR cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*OR cpe:/o:sgi:irix:*:*:*:*:*:*:*:*OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*OR cpe:/o:sun:solaris:*:*:*:*:*:*:*:*OR cpe:/o:ibm:os2:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_95:*:*:*:*:*:*:*:*OR cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*OR cpe:/a:novell:netware:*:*:*:*:*:*:*:*OR cpe:/o:sco:unix:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*OR cpe:/o:cisco:ios:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*OR cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*OR cpe:/a:packeteer:packetshaper:7.3.0g2:*:*:*:*:*:*:*OR cpe:/a:packeteer:packetshaper:7.5.0g1:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:*:* Denotes that component is vulnerable |
BACK |
sonicwall soho firmware 4.0.0
sonicwall soho -
sonicwall soho firmware 5.0.0
sonicwall soho -
sonicwall soho firmware 5.1.5.0
sonicwall soho -
ibm aix *
windriver bsdos *
hp hp-ux *
sgi irix *
linux linux kernel *
sun solaris *
ibm os2 *
microsoft windows 95 *
data_general dg ux *
microsoft windows nt 4.0
microsoft windows 98 *
novell netware *
sco unix *
microsoft windows 98se *
microsoft windows 2000 *
cisco ios *
microsoft windows me *
compaq tru64 *
microsoft windows xp
apple mac os *
microsoft windows 2003_server
microsoft windows vista *
packeteer packetshaper 7.3.0g2
packeteer packetshaper 7.5.0g1
microsoft windows 7 *
microsoft windows server 2008
microsoft windows server 2008 - r2
microsoft windows server 2012
microsoft windows 8 *