CVE-2022-43501
CVE-2022-43501 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. The KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs (Initial Sequence Numbers) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of current or future TCP connections and either hijack existing ones or spoof future ones. EPSS estimates a 0.56% chance of exploitation in the next 30 days.
Description
The KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs (Initial Sequence Numbers) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of current or future TCP connections and either hijack existing ones or spoof future ones.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Elwsc | Kasago Ipv4 | < 6.0.1.34 |
| Elwsc | Kasago Ipv4 Light | < 6.0.1.34 |
| Elwsc | Kasago Ipv6/V4 Dual | < 6.0.1.34 |
| Elwsc | Kasago Mobile Ipv6 | < 6.0.1.34 |
References
- https://jvn.jp/en/vu/JVNVU99551468/ (Third Party Advisory)
- https://www.elwsc.co.jp/news/6352 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
