Juniper NSM Linux Kernel TCP Sequence Number Generation Issue (PSN-2012-08-688)

High Nessus Plugin ID 69873


The remote host has a predictable TCP sequence number generator.


According to the version of one or more Juniper NSM servers running on the remote host, it is potentially vulnerable to denial of service and network session hijacking attacks due to a weak IP sequence number generator.


Upgrade to NSM version 2011.4s3 / 2012.1 or higher.

See Also

Plugin Details

Severity: High

ID: 69873

File Name: juniper_nsm_psn_2012_08_688.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Misc.

Published: 2013/09/13

Modified: 2013/12/12

Dependencies: 11936, 69870, 69871

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:juniper:netscreen-security_manager

Required KB Items: Juniper_NSM_VerDetected

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/07/03

Vulnerability Publication Date: 2011/08/11

Reference Information

CVE: CVE-2011-3188

BID: 49289

OSVDB: 75716