CVE-2024-10604

5.3 MEDIUM

📋 TL;DR

This vulnerability in Fuchsia OS allows attackers to predict network protocol header values like TCP sequence numbers and source ports, enabling network session hijacking or injection attacks. It affects systems running vulnerable versions of Fuchsia OS where network services are exposed. The risk is primarily to systems accepting network connections from untrusted sources.

💻 Affected Systems

Products:
  • Fuchsia OS
Versions: Prior to the 2024 fixes
Operating Systems: Fuchsia OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with network services enabled. The vulnerability is in the network stack implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could hijack TCP sessions, inject malicious packets into network streams, bypass firewall rules, or perform man-in-the-middle attacks on vulnerable network services.

🟠

Likely Case

Network session disruption, packet injection in specific conditions, or information leakage about network activity patterns.

🟢

If Mitigated

Limited impact due to network segmentation, encryption, or other security controls that prevent packet-level attacks.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access and ability to send/receive packets. The vulnerability is algorithmic rather than a memory corruption issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Fuchsia OS updates from 2024 onward

Vendor Advisory: https://fuchsia.googlesource.com/fuchsia/+/40e7fbcdcd013441daf4492f1ead349a9e5b80dc

Restart Required: Yes

Instructions:

1. Update Fuchsia OS to the latest version.
2. Reboot the system.
3. Verify that network services are using the updated network stack.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable systems from untrusted networks

Encryption Enforcement

all

Require TLS/encryption for all network communications

🧯 If You Can't Patch

  • Implement strict network access controls and firewall rules
  • Use VPNs or encrypted tunnels for all network communications

🔍 How to Verify

Check if Vulnerable:

Check Fuchsia OS version and compare against patched versions mentioned in Fuchsia source commits

Check Version:

fx version

Verify Fix Applied:

Verify Fuchsia OS is updated beyond vulnerable versions and network services are restarted

📡 Detection & Monitoring

Log Indicators:

  • Unexpected TCP resets
  • Sequence number anomalies in packet captures
  • Failed connection attempts with predictable patterns

Network Indicators:

  • Predictable TCP ISN values in network traffic
  • Consistent source port patterns
  • Unusual packet injection attempts

SIEM Query:

network.protocol:tcp AND (tcp.flags.reset:1 OR tcp.sequence_number:*) with predictable patterns
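The indicators above ("predictable TCP ISN values" and "consistent source port patterns") are easier to act on with a concrete check. The following is an added example, not part of this advisory or of the Fuchsia project: it takes (source port, ISN) pairs as they would be extracted from successive outgoing SYN segments of one host in a packet capture and flags two weak-randomness signs, a near-constant ISN increment (low entropy of successive differences) and strictly sequential ephemeral ports. The samples are constructed, and the function names and the 50% entropy threshold are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Constructed samples of (source_port, initial_sequence_number) taken from
# successive outgoing SYNs of one host. The first set mimics a stack that
# hands out ports in order and bumps the ISN by a fixed step per connection;
# the second set mimics an RFC 6528-style stack with per-connection randomness.
PREDICTABLE_SAMPLES = [(40000 + i, (0x1000 + i * 64000) & 0xFFFFFFFF) for i in range(20)]
RANDOM_SAMPLES = [
    (51342, 0x9F3A21C4), (38211, 0x0C7E55A9), (60002, 0xE12B9036),
    (44871, 0x5A6F1D82), (59130, 0x7D03C4EE), (35607, 0x2B98A017),
    (52488, 0xC4D15F73), (47019, 0x18E7B2A5), (63315, 0x89AC04D1),
    (41776, 0xF5B2E608), (56924, 0x3E6D7A9B), (49283, 0xA2C9183F),
]

MIN_SAMPLES = 4  # below this, any verdict would be noise


def isn_deltas(samples):
    """Differences between consecutive ISNs, modulo 2^32 (sequence space wraps)."""
    isns = [isn for _, isn in samples]
    return [(b - a) & 0xFFFFFFFF for a, b in zip(isns, isns[1:])]


def delta_entropy_bits(deltas):
    """Shannon entropy (bits) of the ISN increments: 0 when every step is identical,
    log2(n) when every step is distinct."""
    n = len(deltas)
    counts = Counter(deltas)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def sequential_port_fraction(samples):
    """Share of consecutive connections whose source port increased by exactly one."""
    ports = [p for p, _ in samples]
    pairs = list(zip(ports, ports[1:]))
    return sum(1 for a, b in pairs if b - a == 1) / len(pairs)


def assess(samples):
    """Return a verdict dict, or None when there are too few samples to judge.

    isn_predictable: entropy of ISN steps is under half of the maximum possible
                     for this many samples (assumed threshold).
    ports_sequential: more than half of the port transitions are +1.
    """
    if len(samples) < MIN_SAMPLES:
        return None
    deltas = isn_deltas(samples)
    entropy = delta_entropy_bits(deltas)
    max_entropy = math.log2(len(deltas))
    return {
        "samples": len(samples),
        "isn_delta_entropy_bits": round(entropy, 3),
        "isn_predictable": entropy < 0.5 * max_entropy,
        "sequential_port_fraction": round(sequential_port_fraction(samples), 3),
        "ports_sequential": sequential_port_fraction(samples) > 0.5,
    }


if __name__ == "__main__":
    for label, samples in (("predictable", PREDICTABLE_SAMPLES), ("random", RANDOM_SAMPLES)):
        print(label, assess(samples))
```

In a real deployment the tuples would come from a capture filter on SYN segments per source host (for example from a pcap parser or a flow exporter), and a host whose ISN-step entropy stays low across many connections is a candidate for the version check in the "How to Verify" section rather than proof of compromise on its own.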

🔗 References
