PT-2021-2224 · Silicon · Uc/Tcp-Ip

Amine Amri +3 · Published 2021-03-04 · Updated 2023-10-13 · CVE-2020-27630

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Silicon Labs uC/TCP-IP version 3.6.0

Description

The issue is improper randomness of TCP Initial Sequence Numbers (ISNs) in the protocol stack used by uC/OS and uC/TCP-IP, which stems from the use of insufficiently random values. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations

For Silicon Labs uC/TCP-IP version 3.6.0, consider adding randomness to the TCP ISN generation process as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
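
One way to add randomness to ISN generation is the RFC 6528 construction, ISN = M + F(localip, localport, remoteip, remoteport, secretkey). The sketch below is an added example, not Silicon Labs or uC/TCP-IP code. Assumptions: the function names, SipHash-2-4 as F (RFC 6528 names MD5 as a candidate), and a 128-bit secret drawn from a hardware RNG at boot.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ROTL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND(v) do { \
    v[0] += v[1]; v[1] = ROTL64(v[1], 13); v[1] ^= v[0]; v[0] = ROTL64(v[0], 32); \
    v[2] += v[3]; v[3] = ROTL64(v[3], 16); v[3] ^= v[2]; \
    v[0] += v[3]; v[3] = ROTL64(v[3], 21); v[3] ^= v[0]; \
    v[2] += v[1]; v[1] = ROTL64(v[1], 17); v[1] ^= v[2]; v[2] = ROTL64(v[2], 32); \
} while (0)

/* Little-endian load of n (<= 8) bytes, independent of MCU endianness. */
static uint64_t load_le(const uint8_t *p, size_t n) {
    uint64_t x = 0;
    while (n--) x = (x << 8) | p[n];
    return x;
}

/* SipHash-2-4 keyed PRF over a byte string, 128-bit key. */
uint64_t siphash24(const uint8_t key[16], const uint8_t *msg, size_t len) {
    uint64_t k0 = load_le(key, 8), k1 = load_le(key + 8, 8);
    uint64_t v[4] = { k0 ^ 0x736f6d6570736575ULL, k1 ^ 0x646f72616e646f6dULL,
                      k0 ^ 0x6c7967656e657261ULL, k1 ^ 0x7465646279746573ULL };
    uint64_t last = (uint64_t)len << 56;   /* final block carries len mod 256 */
    for (; len >= 8; msg += 8, len -= 8) {
        uint64_t m = load_le(msg, 8);
        v[3] ^= m; SIPROUND(v); SIPROUND(v); v[0] ^= m;
    }
    last |= load_le(msg, len);
    v[3] ^= last; SIPROUND(v); SIPROUND(v); v[0] ^= last;
    v[2] ^= 0xff; SIPROUND(v); SIPROUND(v); SIPROUND(v); SIPROUND(v);
    return v[0] ^ v[1] ^ v[2] ^ v[3];
}

/* RFC 6528: ISN = M + F(4-tuple, secret). timer_4us is M, a counter that
 * ticks every 4 microseconds. secret is assumed to be filled from a hardware
 * RNG at boot and never exposed; a constant or guessable key defeats this. */
uint32_t tcp_isn_rfc6528(const uint8_t secret[16], uint32_t timer_4us,
                         uint32_t local_ip, uint16_t local_port,
                         uint32_t remote_ip, uint16_t remote_port) {
    uint8_t t[12];
    memcpy(t, &local_ip, 4);       memcpy(t + 4, &remote_ip, 4);
    memcpy(t + 8, &local_port, 2); memcpy(t + 10, &remote_port, 2);
    return timer_4us + (uint32_t)siphash24(secret, t, sizeof t);
}
```

Within one connection 4-tuple the ISN still advances with the timer, while an observer of one tuple learns nothing about the offset used for another without the secret.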

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

BDU:2021-01133
CVE-2020-27630

Affected Products

Uc/Tcp-Ip