
CVE-1999-1150: Livingston Portmaster routers running ComOS use the same initial sequence number (ISN) for TCP conne

High
Vulnerability, CVE-1999-1150
Published: Tue Jun 30 1998 (06/30/1998, 04:00:00 UTC)
Source: NVD
Vendor/Project: livingston_portmaster
Product: portmaster

Description

Livingston Portmaster routers running ComOS use the same initial sequence number (ISN) for TCP connections, which allows remote attackers to conduct spoofing and hijack TCP sessions.

AI-Powered Analysis

Last updated: 06/29/2025, 20:55:58 UTC

Technical Analysis

CVE-1999-1150 affects Livingston Portmaster routers running the ComOS operating system. The core issue is the use of a static or predictable Initial Sequence Number (ISN) for TCP connections. TCP implementations normally randomize the ISN so that an attacker cannot predict the sequence numbers used in a session. The Portmaster routers instead use the same ISN for all TCP connections, which significantly weakens the TCP session establishment process. An attacker who can predict or already knows the sequence numbers can spoof and hijack TCP sessions, injecting malicious packets into an existing session or impersonating a trusted host. The vulnerability does not require authentication and can be exploited remotely over the network.

The CVSS v2 base score is 7.5, indicating a high severity level. The vector AV:N/AC:L/Au:N/C:P/I:P/A:P means the attack can be performed remotely with low complexity and no authentication, and that it impacts confidentiality, integrity, and availability. There is no patch available for this vulnerability, and no known exploits have been reported in the wild.

Given the age of this vulnerability (published in 1998) and the specific product affected, it is likely that many affected devices are legacy systems still in operation in some environments. The vulnerability fundamentally undermines the trustworthiness of TCP sessions passing through these routers, potentially allowing attackers to intercept, modify, or disrupt network communications.

Potential Impact

For European organizations, the impact of this vulnerability can be significant if Livingston Portmaster routers running ComOS are still deployed within their network infrastructure. Exploitation could lead to unauthorized access to sensitive data, session hijacking, and disruption of critical network services. This could affect confidentiality by exposing data in transit, integrity by allowing attackers to alter communications, and availability by disrupting legitimate sessions. Industries with high reliance on secure network communications, such as finance, government, and critical infrastructure, would be particularly at risk. Additionally, the lack of available patches means organizations must rely on compensating controls or device replacement to mitigate the risk. The vulnerability could also be leveraged in targeted attacks against legacy systems that have not been updated or replaced, potentially leading to data breaches or operational disruptions.

Mitigation Recommendations

Since no patch is available for this vulnerability, European organizations should consider the following specific mitigation strategies:

1) Identify and inventory all Livingston Portmaster routers running ComOS within the network to assess exposure.
2) Replace affected routers with modern, supported devices that implement proper TCP ISN randomization and have ongoing security support.
3) If immediate replacement is not feasible, isolate affected routers in network segments with strict access controls and monitoring to limit exposure to untrusted networks.
4) Implement network-level protections such as ingress and egress filtering to prevent spoofed packets from entering or leaving the network.
5) Deploy intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics capable of detecting anomalous TCP sequence number behavior or session hijacking attempts.
6) Use VPNs or encrypted tunnels to protect sensitive communications traversing vulnerable routers, reducing the risk of interception or tampering.
7) Regularly monitor network traffic for signs of session hijacking or spoofing attacks.
8) Educate network administrators about the risks associated with legacy devices and the importance of timely hardware upgrades.
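Added example (not part of the original advisory or any vendor tooling): a passive check that supports the inventory and monitoring steps by reading tcpdump text output from your own network and flagging responders whose SYN-ACK ISNs repeat. It goes slightly beyond the "same ISN" case by also flagging a fixed increment between connections; the function name, verdict labels and sample capture are assumptions made for illustration.

```python
import re
from collections import defaultdict

# tcpdump text output, SYN-ACK segments only (Flags [S.]); captures responder IP and ISN.
SYNACK = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > \S+: Flags \[S\.\], seq (?P<isn>\d+),")

# Constructed sample capture: documentation addresses, invented sequence numbers.
SAMPLE = """\
12:00:01.000050 IP 198.51.100.7.40112 > 192.0.2.10.23: Flags [S], seq 305419896, win 8192, length 0
12:00:01.000101 IP 192.0.2.10.23 > 198.51.100.7.40112: Flags [S.], seq 64000, ack 305419897, win 4096, length 0
12:00:05.120444 IP 192.0.2.10.23 > 198.51.100.8.51544: Flags [S.], seq 64000, ack 99120342, win 4096, length 0
12:00:09.733210 IP 192.0.2.10.23 > 198.51.100.9.33810: Flags [S.], seq 64000, ack 771200115, win 4096, length 0
12:00:10.000300 IP 192.0.2.20.80 > 198.51.100.7.40200: Flags [S.], seq 1000, ack 5512, win 4096, length 0
12:00:11.000300 IP 192.0.2.20.80 > 198.51.100.7.40201: Flags [S.], seq 65000, ack 9913, win 4096, length 0
12:00:12.000300 IP 192.0.2.20.80 > 198.51.100.7.40202: Flags [S.], seq 129000, ack 7741, win 4096, length 0
12:00:13.000300 IP 192.0.2.30.22 > 198.51.100.7.40300: Flags [S.], seq 2891034511, ack 1201, win 29200, length 0
12:00:14.000300 IP 192.0.2.30.22 > 198.51.100.7.40301: Flags [S.], seq 771203984, ack 3302, win 29200, length 0
12:00:15.000300 IP 192.0.2.30.22 > 198.51.100.7.40302: Flags [S.], seq 3310459027, ack 8803, win 29200, length 0
12:00:16.000300 IP 192.0.2.40.23 > 198.51.100.7.40400: Flags [S.], seq 64000, ack 4404, win 4096, length 0
"""

def classify_isns(capture_text, min_samples=3):
    """Map each responder IP to a verdict on the ISNs it chose."""
    isns = defaultdict(list)
    for line in capture_text.splitlines():
        m = SYNACK.search(line)
        if m:
            isns[m["src"]].append(int(m["isn"]))
    verdicts = {}
    for host, seqs in isns.items():
        if len(seqs) < min_samples:
            verdicts[host] = "too-few-samples"
            continue
        # Differences between consecutive ISNs, modulo the 32-bit sequence space.
        deltas = {(b - a) % 2**32 for a, b in zip(seqs, seqs[1:])}
        if deltas == {0}:
            verdicts[host] = "constant-isn"      # the behaviour this CVE describes
        elif len(deltas) == 1:
            verdicts[host] = "fixed-increment"   # equally predictable
        else:
            verdicts[host] = "varied"            # not proof of randomness
    return verdicts

if __name__ == "__main__":
    for host, verdict in classify_isns(SAMPLE).items():
        print(host, verdict)
```

A "varied" verdict only means the simplest patterns were not seen; it does not show that the device's ISN generation is sound.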


Threat ID: 682ca32bb6fd31d6ed7dea0d

Added to database: 5/20/2025, 3:43:39 PM

Last enriched: 6/29/2025, 8:55:58 PM

Last updated: 2/7/2026, 2:45:14 AM
