Very Low
TCP SACK PANIC
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Very Low
(2 users assessed)Moderate
(2 users assessed)Unknown
Unknown
Unknown
TCP SACK PANIC
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
A Linux kernel vulnerability in TCP networking could allow DoS
CVE-2019-11477 is considered an Important severity, whereas CVE-2019-11478 and CVE-2019-11479 are considered a Moderate severity. The first two are related to the Selective Acknowledgement (SACK) packets combined with Maximum Segment Size (MSS), the third solely with the Maximum Segment Size (MSS).
Vulnerable code exists in https://github.com/torvalds/linux/blob/master/include/linux/skbuff.h
This might stick around in various embedded hardware, which could be more disasterous if DoS’ed, but it’s too early to tell.
Add Assessment
Ratings
-
Attacker ValueVery Low
-
ExploitabilityMedium
Technical Analysis
Because this is a kernel panic, it is only useful if your goal is to take the host offline. Because DOS attacks are less useful overall to an attacker than RCE, LFI, or anything useful really, these vulnerabilities are not useful to have in your toolkit.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportRatings
-
Attacker ValueVery Low
Technical Analysis
Likely a dud, but it’s worth watching if this turns from a DoS to an RCE.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportGeneral Information
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: