Key Information on the Vulnerability

Overview

- CVE-ID: CVE-2020-25241
- Vulnerability Type: Improper Verification of Source of a Communication Channel (CWE-940)
- Product: Mongoose Embedded Web Server / Networking Library
- Vendor: Cesanta
- Affected Version: 7.20 and earlier versions

Description

Mongoose's built-in TCP/IP stack (MIP) accepts TCP RST packets without validating the source IP address or the sequence number, allowing an attacker to terminate arbitrary TCP sessions.

Technical Details

Component: (specifically and functions, MIP built-in TCP/IP stack)

Vulnerable Code Locations:

- Line 538-558: Connection lookup in
- Line 1537-1539: RST handling in

PoC Code

The proof of concept (PoC) uses a socketpair as a virtual Ethernet link to the MIP stack. The legitimate client establishes a TCP connection with the Mongoose server. An attacker from a different IP address injects a single RST with a completely wrong sequence number, terminating the connection.

Exploitation

The attacker can terminate arbitrary TCP sessions by sending a single forged RST packet with the correct port pair and any source IP or sequence number.

Impact

- Denial of Service: Attackers can continuously kill TCP connections, preventing clients from maintaining sessions.
- TCP Session Hijacking: By predicting the next connection's Initial Sequence Number (ISN), an attacker can hijack subsequent sessions.

Mitigation

Update to the latest version of Mongoose to fix the vulnerability. Implement network-level security measures to prevent unauthorized access.
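
The validation that the Description says is missing can be sketched as follows. This is an added example, not Mongoose's code or its fix: it matches the full 4-tuple and applies the RFC 5961 section 3.2 sequence check to an RST, and the struct, function names and sample addresses are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical connection record; field names are assumptions, not Mongoose's. */
struct conn {
  uint32_t rem_ip, loc_ip;     /* peer and local IPv4 addresses */
  uint16_t rem_port, loc_port; /* peer and local TCP ports */
  uint32_t rcv_nxt, rcv_wnd;   /* next expected sequence number, receive window */
};

/* Header fields of a received segment that has the RST flag set. */
struct seg { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint32_t seq; };

enum rst_action { RST_DROP, RST_CHALLENGE_ACK, RST_ACCEPT };

/* Behaviour the advisory describes: the port pair alone selects the connection. */
static bool match_ports_only(const struct conn *c, struct seg s) {
  return c->rem_port == s.src_port && c->loc_port == s.dst_port;
}

/* Full 4-tuple match: a segment from another source IP finds no connection. */
static bool match_4tuple(const struct conn *c, struct seg s) {
  return match_ports_only(c, s) && c->rem_ip == s.src_ip && c->loc_ip == s.dst_ip;
}

/* RFC 5961 section 3.2 RST handling on top of the 4-tuple match. */
static enum rst_action check_rst(const struct conn *c, struct seg s) {
  if (!match_4tuple(c, s)) return RST_DROP;
  if (s.seq == c->rcv_nxt) return RST_ACCEPT; /* exact match: reset */
  /* Unsigned subtraction keeps the window test correct across wraparound. */
  if ((uint32_t)(s.seq - c->rcv_nxt) < c->rcv_wnd) return RST_CHALLENGE_ACK;
  return RST_DROP; /* outside the window: silently discard */
}

/* Constructed sample: client 192.0.2.10:40000 connected to server 192.0.2.1:80. */
static const struct conn sample = {0xC000020Au, 0xC0000201u, 40000, 80, 1000u, 4096u};

/* Build an RST aimed at the sample's port pair from a given source IP and seq. */
static struct seg rst_from(uint32_t src_ip, uint32_t seq) {
  struct seg s = {src_ip, sample.loc_ip, sample.rem_port, sample.loc_port, seq};
  return s;
}

int main(void) {
  struct seg forged = rst_from(0xC6336407u, 123456u); /* constructed: 198.51.100.7 */
  printf("ports-only match: %d, hardened action: %d\n",
         (int)match_ports_only(&sample, forged), (int)check_rst(&sample, forged));
  return 0;
}
```

A same-peer RST that is in the window but not exactly at `rcv_nxt` yields `RST_CHALLENGE_ACK`, so the stack replies with an ACK and leaves the connection up.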