CVE-2020-35685

Name of the Vulnerable Software and Affected Versions HCC Nichestack version 3.0

Description The issue is related to the implementation of the TCP/IP stack in HCC Nichestack, specifically with the generation of Initial Sequence Numbers (ISNs) for TCP connections. The code derives the ISN from an insufficiently random source, which may allow an attacker to determine the ISN of current and future TCP connections. This could enable the attacker to hijack existing connections or spoof future ones. Proper ISN generation should follow the specifications outlined in RFC 6528.

Recommendations For HCC Nichestack version 3.0, consider updating to a version that properly generates ISNs according to RFC 6528 specifications to prevent potential spoofing or hijacking attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.