CVE-2020-27636

Name of the Vulnerable Software and Affected Versions Microchip MPLAB Net version 3.6.1

Description The issue is related to the improper randomness of TCP Initial Sequence Numbers (ISNs) in the implementation of the MPLAB Net protocol stack. This could allow a remote attacker to gain unauthorized access to protected information. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Microchip MPLAB Net version 3.6.1, consider restricting access to the network until a patch or fix is available to properly randomize TCP ISNs. As a temporary workaround, limiting the exposure of the system to untrusted networks may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.