VYPR
Unrated severityNVD Advisory· Published Jan 16, 2024· Updated Nov 4, 2025

Use of a Weak PseudoRandom Number Generator in EDK II Network Package

CVE-2023-45237

Description

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

23

Patches

Vulnerability mechanics

References

3

News mentions

1