CVE-2001-0751

Cisco CBOS < 2.3.8 - TCP Connection Spoofing via Predictable ISN

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0751.

AI-analyzed exploit summary The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function allows remote users to predict TCP initial sequence numbers (ISNs) due to weak MD4-based generation. This can facilitate TCP session spoofing and bypass IP-based access controls.

Description

Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.

Exploits (1)

exploitdb WRITEUP

remotelinux

https://www.exploit-db.com/exploits/19522

View Code ZIP pw:eip

The vulnerability in the Linux kernel's 'secure_tcp_sequence_number' function allows remote users to predict TCP initial sequence numbers (ISNs) due to weak MD4-based generation. This can facilitate TCP session spoofing and bypass IP-based access controls.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Linux kernel (versions prior to fix)

No auth needed

Prerequisites: Network access to target system · Ability to observe or predict TCP sequence numbers

MITRE ATT&CK

T1590 - Gather Victim Network Information

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_cisco

http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/139

Scores

EPSS 0.0259

EPSS Percentile 83.3%

Details

Status published

Products (1)

cisco/cbos < 2.3.8

Published Oct 18, 2001

Tracked Since Feb 18, 2026