How severe is CVE-2023-45237?

CVE-2023-45237 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-45237

Name: edk2
Author: tianocore

5.3MEDIUM

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of C

Published: 1/16/2024Updated: 11/4/2025

Description

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

AI AnalysisPowered by AI

Affected Products

tianocoreedk2

References

http://www.openwall.com/lists/oss-security/2024/01/16/2
Mailing List
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0011/
http://www.openwall.com/lists/oss-security/2024/01/16/2
Mailing List
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0011/
https://www.kb.cert.org/vuls/id/132380