Executive Summary

Informations
Name CVE-2023-30312 First vendor Publication 2024-05-28
Vendor Cve Last vendor Modification 2024-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the client (e.g., to deliver false information from a finance website). This occurs because nf_conntrack_tcp_no_window_check is true by default.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30312

Sources (Detail)

https://blog.apnic.net/2024/06/18/off-path-tcp-hijacking-in-nat-enabled-wi-fi...
https://news.ycombinator.com/item?id=40723150
https://openwrt.org/docs/guide-developer/security
https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2024-11-07 17:27:51
  • Multiple Updates
2024-06-19 09:27:32
  • Multiple Updates
2024-05-29 17:27:27
  • Multiple Updates
2024-05-29 05:27:21
  • First insertion