CVE-2014-5409

{"id": "CVE-2014-5409", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-14T01:59:00.067", "references": [{"url": "http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-041-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values."}, {"lang": "es", "value": "La tarjeta Ethernet 17046 anterior a 94450214LFMT100SEM-L.R3-CL para el GE Digital Energy Hydran M2 no genera de forma adecuada valores aleatrorios de TCP Initial Sequence Numbers (ISNs), lo que hace m\u00e1s f\u00e1cil a atacantes remotos suplantar paquetes mediante la predicci\u00f3n de dichos valores."}], "lastModified": "2015-03-16T16:26:28.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:hydran_m2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B9F1FE4-F235-4238-ABC0-9D31A22255B4"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/330.html\">CWE-330: Use of Insufficiently Random Values</a>", "sourceIdentifier": "ics-cert@hq.dhs.gov"}