CVE-2019-18625
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST ACK and the FIN ACK packets because of the bad TCP Timestamp option. Both linux and windows client are ignoring the injected packets.
Se descubrió un problema en Suricata versión 5.0.0. Fue posible omitir y evadir cualquier firma basada en tcp falsificando una sesión TCP cerrada usando un servidor malicioso. Después del paquete TCP SYN, es posible inyectar un paquete RST ACK y un paquete FIN ACK con una opción TCP Timestamp errada. El cliente ignorará los paquetes RST ACK y FIN ACK debido a la opción TCP Timestamp errada. Tanto el cliente de Linux y Windows ignoran los paquetes inyectados
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-10-29 CVE Reserved
- 2020-01-06 CVE Published
- 2023-11-10 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/01/msg00032.html | Mailing List |
|
| https://redmine.openinfosecfoundation.org/issues/3286 | Third Party Advisory | |
| https://redmine.openinfosecfoundation.org/issues/3395 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 | 2023-02-01 | |
| https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 | 2023-02-01 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Suricata-ids Search vendor "Suricata-ids" | Suricata Search vendor "Suricata-ids" for product "Suricata" | 5.0.0 Search vendor "Suricata-ids" for product "Suricata" and version "5.0.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Suricata-ids Search vendor "Suricata-ids" | Suricata Search vendor "Suricata-ids" for product "Suricata" | 5.0.0 Search vendor "Suricata-ids" for product "Suricata" and version "5.0.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||