PT-2021-2228 · Oryx · Cyclonetcp

Amine Amri +3 · Published 2021-03-05 · Updated 2023-10-13 · CVE-2020-27631

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oryx CycloneTCP version 1.9.6

Description

The CycloneTCP stack implementation generates TCP Initial Sequence Numbers (ISNs) with improper randomness. This could allow a remote attacker to gain unauthorized access to protected information. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For Oryx CycloneTCP version 1.9.6, consider updating to a newer version that properly randomizes TCP ISNs to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

BDU:2021-01173
CVE-2020-27631

Affected Products

Cyclonetcp