CVE-2001-0163

Cisco Aironet AP340 - TCP Connection Spoofing via Predictable ISNs

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0163.

AI-analyzed exploit summary: The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function in 'drivers/char/random.c' allows remote users to predict TCP initial sequence numbers (ISN) due to weak MD4-based generation. This can facilitate TCP session spoofing and bypass IP-based access controls.

Description

Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

Exploits (1)

exploitdb WRITEUP
remote · linux
https://www.exploit-db.com/exploits/19522

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: Linux kernel (versions affected by CVE-2001-0163)
No auth needed
Prerequisites: Network access to the target system · Ability to observe or interact with TCP sessions
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Exploit, Vendor Advisory x_refsource_misc
http://www.cs.jhu.edu/~seny/pubs/wince802.pdf

Scores

EPSS 0.0280
EPSS Percentile 84.6%

Details

Status published
Products (1)
cisco/aironet_ap340
Published Jan 01, 2001
Tracked Since Feb 18, 2026