PT-2024-1256 · Edk2+11 · Edk2+11

Doug Flick

Published

2024-01-16

Updated

2025-11-28

CVE-2023-45236

CVSS v3.1

5.8

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions EDK2 (affected versions not specified)

Description The EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number, which can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. This issue can allow a remote attacker to obtain unauthorized access to confidential data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-338CWE-200

Related Identifiers

ALSA-2024:4749

ALSA-2024:5297

ALT-PU-2024-14732

ALT-PU-2024-14734

ALT-PU-2024-14950

AZL-38425

AZL-39388

AZL-39454

BDU:2024-00658

CESA-2024_5297

CVE-2023-45236

GHSA-HC6X-CW6P-GJ7H

INFSA-2024_4749

INFSA-2024_5297

OESA-2024-2301

OPENSUSE-SU-2024:14336-1

OPENSUSE-SU-2025_0407-1

OPENSUSE-SU-2025_0421-1

OPENSUSE-SU-2025_0503-1

RHSA-2024:4419

RHSA-2024:4749

RHSA-2024:5297

RHSA-2024_4749

RHSA-2024_5297

SUSE-SU-2025:0407-1

SUSE-SU-2025:0421-1

SUSE-SU-2025:0503-1

SUSE-SU-2025:0608-1

SUSE-SU-2025:0609-1

SUSE-SU-2025:0690-1

SUSE-SU-2025_0421-1

SUSE-SU-2025_0503-1

USN-7894-1

USN-7894-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Edk2

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-1256 · Edk2+11 · Edk2+11

CVE-2023-45236

Weakness Enumeration

Related Identifiers

Affected Products

References · 127