CVE-2023-45236 Information

Description

EDK2’s Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

Reference

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h http://www.openwall.com/lists/oss-security/2024/01/16/2