CVE-2018-7356
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.
Todas las versiones hasta la V3.03.10.B23P2 del producto ZTE ZXR10 8905E se han visto afectadas por una vulnerabilidad de reutilización TCP Initial Sequence Number (ISN), que puede generar ISN fácilmente predecibles y permite que los atacantes remotos suplanten conexiones.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-02-22 CVE Reserved
- 2018-11-01 CVE Published
- 2024-08-05 CVE Updated
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-294: Authentication Bypass by Capture-replay
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009783 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zte Search vendor "Zte" | Zxr10 8905e Firmware Search vendor "Zte" for product "Zxr10 8905e Firmware" | <= 3.03.10.b23p2 Search vendor "Zte" for product "Zxr10 8905e Firmware" and version " <= 3.03.10.b23p2" | - |
Affected
| in | Zte Search vendor "Zte" | Zxr10 8905e Search vendor "Zte" for product "Zxr10 8905e" | - | - |
Safe
|