CVSS 3.1 Score 7.5 of 10 (high)


Published Jan 16, 2024
Updated: Mar 7, 2024
CWE ID 338
CWE ID 200


CVE-2023-45236 is a vulnerability found in EDK2's Network Package. The vulnerability allows for a predictable TCP Initial Sequence Number, which could be exploited by an attacker to gain unauthorized access. This can potentially result in a loss of confidentiality for the affected organization. The vulnerability has a high severity rating and a base score of 7.5 according to NIST. It affects multiple products, including those with the following IDs: 'l5knKa', 'l5knKZ', 'cEpWag', 'uy6KJn', 'uy6KJm', 'uy6KJl', 'uy6KJr', 'uy6KJq', 'uy6KJp', 'uy6KJo', 'uy6KJs', 'k1I7Zy', 'k1I7Zz', 'k1I7Zw', 'k1I7Zx', 'k1I7Z2', 'k1I7Z3', 'k1I7Z0', 'k1I7Z1', 'i4QXto', 'i4QXtj','i4QXti','i4QXtl','i4QXtk','i4QXtn','i4QXtm','o0RD22','o0RD20','o0RD21'. Remediation measures are not specified in the provided information.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-45236 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options