Hello,
From a customer of ours we got a recommended remediation for an LwIP vulnerability regarding TCP/IP communication (copied from the customer's text):
"The Initial Sequence Number (ISN) used in TCP/IP sessions should be as random as possible in order to prevent attacks such as IP address spoofing and session hijacking. If the ISN of an existing or future TCP connection can be determined within some practical range, a malicious agent may be able to close or hijack the TCP connections. If the ISNs of future connections of a system are guessed exactly, an agent may be able to "complete" a TCP three-way handshake, establish a phantom connection, and spoof TCP packets delivered to a victim."
A quick Google search showed me that this is a very old vulnerability in LwIP. But as far as I saw, a fix never came into LwIP.
Are there any actions on TI's side to fix this vulnerability in LwIP?
Thanks
Fabian
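
The remediation quoted above matches the scheme in RFC 6528, where the ISN is a 4-microsecond timer plus a keyed hash of the connection 4-tuple. The sketch below is an added example, not code from the post, from lwIP or from TI; it swaps in SipHash-2-4 as the keyed hash where RFC 6528 suggests MD5, covers IPv4 only, and `tcp_isn`, `DEMO_KEY` and the sample addresses are hypothetical.

```c
/* Added example: RFC 6528-style ISN = M + F(4-tuple, secret), IPv4 only. */
#include <stdint.h>
#include <stdio.h>

#define ROTL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32); \
    v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32); } while (0)

/* Constructed demo key, NOT secret. A real device draws 128 bits from a
 * hardware RNG once at boot and never exposes them. */
static const uint64_t DEMO_KEY[2] = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };

/* SipHash-2-4 over a 16-byte message given as two little-endian words. */
static uint64_t siphash24_16(const uint64_t key[2], uint64_t m0, uint64_t m1)
{
    uint64_t v0 = key[0] ^ 0x736f6d6570736575ULL;
    uint64_t v1 = key[1] ^ 0x646f72616e646f6dULL;
    uint64_t v2 = key[0] ^ 0x6c7967656e657261ULL;
    uint64_t v3 = key[1] ^ 0x7465646279746573ULL;
    const uint64_t msg[3] = { m0, m1, (uint64_t)16 << 56 }; /* last word = length block */
    for (int i = 0; i < 3; i++) {
        v3 ^= msg[i]; SIPROUND; SIPROUND; v0 ^= msg[i];
    }
    v2 ^= 0xff;
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* tcp_isn() is a hypothetical name; now_us is a monotonic microsecond clock. */
uint32_t tcp_isn(const uint64_t key[2], uint32_t local_ip, uint16_t local_port,
                 uint32_t remote_ip, uint16_t remote_port, uint64_t now_us)
{
    uint64_t m0 = ((uint64_t)local_ip << 32) | remote_ip;
    uint64_t m1 = ((uint64_t)local_port << 16) | remote_port;
    uint32_t f = (uint32_t)siphash24_16(key, m0, m1); /* F(): secret per-connection offset */
    uint32_t m = (uint32_t)(now_us / 4);              /* M: advances once every 4 us */
    return m + f;                                     /* wraps modulo 2^32 by design */
}

int main(void)
{
    /* Constructed sample 4-tuple: 192.168.0.1:49152 -> 192.168.0.2:80 */
    printf("ISN = %lu\n", (unsigned long)tcp_isn(DEMO_KEY, 0xC0A80001u, 49152,
                                                 0xC0A80002u, 80, 1000000));
    return 0;
}
```

Recent lwIP releases define an `LWIP_HOOK_TCP_ISN` hook in `opt.h` through which a generator of this shape can be supplied. Without the key, an observer who sees the ISN of one connection learns nothing useful about the ISN of a connection with a different 4-tuple.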