CVE-2023-45236

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 16, 2024

Updated: Mar 7, 2024

CWE ID 338

CWE ID 200

Summary

CVE-2023-45236 is a vulnerability affecting EDK2's Network Package. It allows an attacker to predict the TCP Initial Sequence Number, which can be exploited to gain unauthorized access. Successful exploitation of this vulnerability could potentially result in a loss of Confidentiality. This issue may pose a significant risk if not addressed promptly. It is recommended that users update their EDK2 packages to the latest version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

TianoCore EDK II

Affected Vendors

Tianocore

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s5u7_2
https://www.cve.org/CVERecord?id=CVE-2023-45236
https://nvd.nist.gov/vuln/detail/CVE-2023-45236

Back to Vulnerability Database