CVE-2018-7356

low-risk
Published 2018-11-01

All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.6/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Zxr10 8905E Firmware

Affected Vendors

Zte

References (2)

Vendor Advisory http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009783
Vendor Advisory http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009783
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal