Denial of service based on TCP Sequence Number Approximation.
CVE | CVE-2004-0230 |
Advisory Summary | Some security scanners detect that the TCP stack used in some of our products is affected by CVE-2004-0230, flagging a vulnerability related to a potential denial of service. |
Products or Components | See the impact section in the advisory |
Addressed in Release | No impact to March Networks products |
Severity | N/A |
Ticket | ESC-24 |
Description
CVE-2004-0230 is an issue with the design of the TCP networking protocol, as originally defined in IETF RFC 730.
For most uses of the TCP networking protocol, it is widely recognized that this issue poses only a minimal risk. It is not trivial for an attacker to exploit, since doing so requires information about the internal state of a TCP connection and precisely timed, repeated injection of TCP RST messages. In any case, the result of a successful exploit would be an unexpected closure of a TCP connection, something that doesn’t pose a problem for most networking applications, services, and protocols.
Only a few services that depend on long-lived connections may be affected in practice, in particular services that need to use a large TCP window size, like the Border Gateway Protocol (BGP) used in network routers. For these and other situations impacted by CVE-2004-0230, an update to the TCP networking protocol was published in RFC 5961.
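The receiver-side RST check that RFC 5961 tightened, as an added example that is not March Networks code. It compares the original rule (any in-window RST closes the connection) with the RFC 5961 rule (only an exact match on RCV.NXT closes it); the function names and sample sequence numbers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* What the receiver does with an incoming RST on an established connection. */
typedef enum { RST_DISCARD, RST_CHALLENGE_ACK, RST_RESET } rst_action;

/* True if seq is acceptable for the receive window starting at rcv_nxt.
 * Unsigned subtraction keeps the comparison correct across 2^32 wraparound.
 * With a zero window only rcv_nxt itself is acceptable. */
static int in_window(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (rcv_wnd == 0)
        return seq == rcv_nxt;
    return (uint32_t)(seq - rcv_nxt) < rcv_wnd;
}

/* Original rule: every in-window sequence number resets the connection,
 * so a larger window means more values that are accepted. */
rst_action rst_check_original(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return in_window(seq, rcv_nxt, rcv_wnd) ? RST_RESET : RST_DISCARD;
}

/* RFC 5961 rule: out-of-window RSTs are dropped, an exact match on rcv_nxt
 * resets, and any other in-window value only triggers a challenge ACK that
 * lets the genuine peer confirm or ignore the reset. */
rst_action rst_check_rfc5961(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (!in_window(seq, rcv_nxt, rcv_wnd))
        return RST_DISCARD;
    return seq == rcv_nxt ? RST_RESET : RST_CHALLENGE_ACK;
}

int main(void)
{
    /* Constructed connection state: window straddles the 2^32 wrap. */
    const uint32_t rcv_nxt = 0xFFFFFF00u, rcv_wnd = 0x1000u;
    const uint32_t samples[] = { 0xFFFFFF00u, 0x00000010u, 0x00000F00u, 0xFFFFFEFFu };
    static const char *name[] = { "discard", "challenge-ack", "reset" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("seq=0x%08X original=%s rfc5961=%s\n", (unsigned)samples[i],
               name[rst_check_original(samples[i], rcv_nxt, rcv_wnd)],
               name[rst_check_rfc5961(samples[i], rcv_nxt, rcv_wnd)]);
    return 0;
}
```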
Impact
CVE-2004-0230 has been flagged in the past by some security scanners on 8000 and 9000 Series. We do not rule out that it may be flagged on other March Networks services and products. The security scanner we use to verify all our services and product releases has never listed CVE-2004-0230 as a potential issue at any level (not even informative). Penetration tests run periodically by external agencies have never listed CVE-2004-0230 as a potential issue either.
March Networks services and products are architected to be tolerant of TCP RST messages, as it is normal behavior in networking applications to drop connections when networking equipment is being serviced. When any connection is dropped, March Networks services and products continually attempt to reconnect, reestablishing their function when the connection is restored.
Revision
May 14, 2024 – Initial public report
Disclaimer
March Networks’ assessment of this security vulnerability is contingent on the March Networks products being updated to the recommended release and/or security patch level and that the system has been deployed and configured in accordance with March Networks security recommendations and industry best practices. IT IS THE CUSTOMER’S RESPONSIBILITY TO EVALUATE THE EFFECT OF ANY SECURITY VULNERABILITY. A failure to update March Networks products and/or to follow March Networks recommendations or industry best practices may increase the risk associated with a security vulnerability. March Networks follows industry-leading practices in addressing security vulnerabilities in our products. While March Networks cannot guarantee that our products will be free from security vulnerabilities, we are committed to providing updates and security fixes for our supported products if and when a high-security vulnerability is determined to affect March Networks products.