CVE-2019-18625
suricata - security update
CVSS 3.1 base score: 7.5 (HIGH). EPSS: 0.25%.
Description
An issue was discovered in Suricata 5.0.0. It was possible to bypass or evade any TCP-based signature by faking a closed TCP session with the help of a malicious server. After the client's TCP SYN packet, the server can inject an RST/ACK and a FIN/ACK packet carrying a bad TCP Timestamp option. The client ignores both packets because the timestamp fails its validation, but Suricata takes them at face value, marks the session as closed, and stops applying TCP signatures to the traffic that follows once the handshake completes normally. Both Linux and Windows clients ignore the injected packets.
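To make the evasion concrete, here is an added example written for this page; it is not Suricata's code and does not describe the upstream patch. It models a minimal IDS flow tracker processing the sequence from the description, once as the vulnerable engine and once with the endpoint's timestamp check mirrored. Segment, StreamTracker, client_accepts, the constructed six-segment exchange, its timestamp values and the /evil signature are all assumptions for illustration. The timestamp check is a simplification of what a Linux client does while in SYN_SENT, where an ACK-bearing segment whose TSecr does not echo a timestamp the client actually sent is discarded before its RST or FIN flag is acted on.

```python
"""Model of the CVE-2019-18625 evasion (added illustration, not Suricata's code).

An IDS that honours an RST/ACK or FIN/ACK which the client itself will discard
(bad TCP timestamp) tears down its flow state and stops inspecting the stream,
so a later malicious payload never reaches signature matching.
"""
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits


@dataclass
class Segment:
    sender: str          # "client" or "server"
    flags: int
    tsval: int           # TCP timestamp option: sender's clock value
    tsecr: int           # TCP timestamp option: echo of the peer's last TSval
    payload: bytes = b""


def client_accepts(state: str, syn_tsval: int, now: int, seg: Segment) -> bool:
    """Would the client honour this server segment?

    Simplified from the check Linux applies in SYN_SENT: an ACK-bearing segment
    whose TSecr does not echo a timestamp the client actually sent (between the
    SYN's TSval and the current clock) is discarded before RST/FIN are acted on.
    """
    if state == "SYN_SENT" and seg.sender == "server" and seg.flags & ACK and seg.tsecr:
        return syn_tsval <= seg.tsecr <= now
    return True


class StreamTracker:
    """Minimal IDS flow tracker (assumption, not Suricata's stream engine).

    With strict_timestamps=False it behaves like the vulnerable engine described
    in the advisory: any RST, or a FIN arriving before the handshake completes,
    is taken at face value and closes the flow.
    """

    def __init__(self, strict_timestamps: bool):
        self.strict = strict_timestamps
        self.state = "NONE"
        self.syn_tsval = 0
        self.inspected = []   # payloads handed to signature matching
        self.dropped = []     # segments ignored because the endpoint would ignore them

    def process(self, seg: Segment, now: int) -> None:
        if self.state == "NONE":
            if seg.sender == "client" and seg.flags & SYN:
                self.state, self.syn_tsval = "SYN_SENT", seg.tsval
            return
        if self.state == "CLOSED":
            return                                    # flow torn down: nothing is inspected
        if self.strict and not client_accepts(self.state, self.syn_tsval, now, seg):
            self.dropped.append(seg)                  # mirror the endpoint: ignore it
            return
        if (seg.flags & RST) or (seg.flags & FIN and self.state == "SYN_SENT"):
            self.state = "CLOSED"
            return
        if (self.state == "SYN_SENT" and seg.sender == "server"
                and (seg.flags & (SYN | ACK)) == (SYN | ACK)):
            self.state = "ESTABLISHED"
        if self.state == "ESTABLISHED" and seg.payload:
            self.inspected.append(seg.payload)


def matches(tracker: StreamTracker, signature: bytes = b"/evil") -> bool:
    """Stand-in for a content-match signature over the inspected stream."""
    return any(signature in p for p in tracker.inspected)


def evasion_scenario(strict_timestamps: bool) -> StreamTracker:
    """Replay the sequence from the advisory against a tracker.

    Constructed segments: after the client's SYN the server injects an RST/ACK and
    a FIN/ACK whose TSecr (42) echoes nothing the client ever sent, then completes
    the handshake normally and sends a payload the signature should catch.
    """
    tracker = StreamTracker(strict_timestamps)
    exchange = [
        Segment("client", SYN, tsval=1000, tsecr=0),
        Segment("server", RST | ACK, tsval=5, tsecr=42),
        Segment("server", FIN | ACK, tsval=5, tsecr=42),
        Segment("server", SYN | ACK, tsval=7, tsecr=1000),
        Segment("client", ACK, tsval=1003, tsecr=7),
        Segment("server", ACK, tsval=8, tsecr=1003, payload=b"GET /evil HTTP/1.1\r\n"),
    ]
    for i, seg in enumerate(exchange):
        tracker.process(seg, now=1000 + i)   # client clock ticks once per segment
    return tracker


if __name__ == "__main__":
    for strict in (False, True):
        t = evasion_scenario(strict)
        print(f"strict_timestamps={strict}: state={t.state}, "
              f"dropped={len(t.dropped)}, signature matched={matches(t)}")
```

Running it, the vulnerable tracker ends in state CLOSED with no match, while the strict tracker drops the two injected segments, reaches ESTABLISHED and matches the payload. The general point: a stream engine must not move a flow to a closed state on a control segment the receiving endpoint would reject; it has to validate timestamps (and sequence numbers) the way the endpoint does, or keep tracking until the endpoint's own behaviour confirms the close.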
How to fix CVE-2019-18625
To remediate CVE-2019-18625, upgrade the affected suricata package to a fixed version:
- upgrade to 1:5.0.2-1 or later
- upgrade to 2.0.7-2+deb8u5 or later
Is CVE-2019-18625 being exploited?
Low: EPSS is 0.25%, a low predicted probability of exploitation in the next 30 days. EPSS is a model estimate, not an observation; an IDS evasion also leaves no exploit artifact on the sensor itself, so exploitation telemetry is a weak signal for this class of bug.
Affected packages (2)
- suricata, all versions before 1:5.0.2-1
- suricata, all versions before 2.0.7-2+deb8u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |