KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones.
References
Link | Resource |
---|---|
https://jvn.jp/en/vu/JVNVU99551468/ | Third Party Advisory |
https://www.elwsc.co.jp/news/6352 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Feb 2023, 17:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:elwsc:kasago_ipv6\/v4_dual:*:*:*:*:*:*:*:* cpe:2.3:a:elwsc:kasago_ipv4_light:*:*:*:*:*:*:*:* cpe:2.3:a:elwsc:kasago_mobile_ipv6:*:*:*:*:*:*:*:* cpe:2.3:a:elwsc:kasago_ipv4:*:*:*:*:*:*:*:* |
|
CWE | CWE-330 | |
First Time |
Elwsc kasago Ipv4 Light
Elwsc kasago Ipv4 Elwsc kasago Mobile Ipv6 Elwsc kasago Ipv6\/v4 Dual Elwsc |
|
References | (CONFIRM) https://www.elwsc.co.jp/news/6352 - Vendor Advisory | |
References | (JVN) https://jvn.jp/en/vu/JVNVU99551468/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
10 Feb 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-10 04:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-43501
Mitre link : CVE-2022-43501
CVE.ORG link : CVE-2022-43501
JSON object : View
Products Affected
elwsc
- kasago_ipv4_light
- kasago_mobile_ipv6
- kasago_ipv4
- kasago_ipv6\/v4_dual
CWE
CWE-330
Use of Insufficiently Random Values