ZTE ZXR10 8905E TCP Initial Sequence Number (ISN) Reuse Vulnerability

Original release date: 31 October 2018

Update date: 2 November 2018

 

CVE ID

CVE-2018-7356

 

CVSS 3.0 Base Score

5.6 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

 

Description

All versions of the ZXR10 8905E product up to V3.03.10.B23P2 are affected by a TCP Initial Sequence Number (ISN) reuse vulnerability: the device can generate easily predictable ISNs, which allows remote attackers to spoof connections.
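
A post-upgrade check for the behaviour described above, as an added example that is not part of ZTE's advisory: it takes ISNs read from the SYN-ACKs of successive connections to one device and flags repeated values or a constant step between them. The function name, the sample values and the 0.5 threshold are constructed assumptions, and a clean result does not prove the ISNs are unpredictable.

```python
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def assess_isns(isns, step_threshold=0.5):
    """Summarise ISNs observed from one device, in capture order.

    isns: list of 32-bit ISNs, one per new connection (hypothetical input,
    e.g. exported from a packet capture taken on your own network).
    step_threshold: assumed cut-off for calling a repeated step predictable.
    """
    if len(isns) < 3:
        raise ValueError("need at least 3 ISN samples")

    # Reuse: the same ISN handed out for more than one connection.
    reused = sum(n - 1 for n in Counter(isns).values())

    # Step between consecutive ISNs, modulo 2^32 so wrap-around is handled.
    deltas = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    top_delta, top_count = Counter(deltas).most_common(1)[0]
    step_ratio = top_count / len(deltas)

    if reused:
        verdict = "reuse"
    elif step_ratio >= step_threshold:
        verdict = "predictable"
    else:
        verdict = "no obvious pattern"
    return {"reused": reused, "top_delta": top_delta,
            "step_ratio": step_ratio, "verdict": verdict}


# Constructed sample data, not captured from any real device.
REUSED = [0x1A2B3C4D, 0x1A2B3C4D, 0x5E6F7081, 0x1A2B3C4D]
STEPPING = [(4294900000 + 64000 * i) % MOD for i in range(6)]  # wraps once
RANDOMISH = [0x9C3F11A2, 0x03D5E7B0, 0xE1A40C57,
             0x4B7290FE, 0x7F08D3C9, 0x2A66B514]

if __name__ == "__main__":
    for name, sample in (("reused", REUSED), ("stepping", STEPPING),
                         ("randomish", RANDOMISH)):
        print(name, assess_isns(sample))
```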

 

Affected Products and Fixing Plan

| Product Name | Affected Version | Resolved Product and Version |
|---|---|---|
| ZXR10 8905E | The versions up to V3.03.10.B23P2 | The versions of V3.03.20 series and above |

 

Credit

Thanks to security researcher Lin Chunlin at Guangdong Southern Information Security Research Institute for reporting the security vulnerabilities to ZTE PSIRT.

 

Update Records

31 October 2018, initial.

2 November 2018, CVE ID assigned.

 

Supporting team contacts

1.  ZTE GCSC hotline: 0755-26770800, 800-830-1118, 400-830-1118

2.  Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to give feedback on or report security vulnerabilities related to ZTE products, or to obtain ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
