CVE-2001-0288

Cisco IOS < 12.1 - TCP Connection Spoofing via Predictable ISN

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0288.

AI-analyzed exploit summary The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function allows remote users to predict TCP initial sequence numbers (ISN) due to weak MD4-based generation, enabling session spoofing and bypassing IP-based access controls. The analysis references the specific function and file in the kernel code.

Description

Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

Exploits (1)

exploitdb WRITEUP

remotelinux

https://www.exploit-db.com/exploits/19522

View Code ZIP pw:eip

The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function allows remote users to predict TCP initial sequence numbers (ISN) due to weak MD4-based generation, enabling session spoofing and bypassing IP-based access controls. The analysis references the specific function and file in the kernel code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Linux kernel (versions prior to fix)

No auth needed

Prerequisites: Network access to target system · Ability to observe or predict ISN generation patterns

MITRE ATT&CK

T1590 - Gather Victim Network Information

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_cisco

http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

Scores

EPSS 0.0541

EPSS Percentile 91.7%

Details

Status published

Products (1)

cisco/ios < 12.1

Published May 03, 2001

Tracked Since Feb 18, 2026