CVE-2020-2763510.10.2023, 17:15In PicoTCP 1.7.0, TCP ISNs are improperly random.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST9.1 CRITICALNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NmitreCNA------CVEADP------CISA-ADPADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 40%VendorProductVersioncapgeminipicotcp1.7.0𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-330 - Use of Insufficiently Random ValuesThe software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.Referenceshttps://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01https://www.forescout.comhttps://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01https://www.forescout.comhttps://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/