CVE-2022-43501
CVSS V2 None
CVSS V3 None
Description
KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones.
Overview
- CVE ID
- CVE-2022-43501
- Assigner
- vultures@jpcert.or.jp
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-10T04:15:11
- Last Modified Date
- 2023-02-21T17:14:59
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:elwsc:kasago_ipv4:*:*:*:*:*:*:*:* | 1 | OR | 6.0.1.34 | |
| cpe:2.3:a:elwsc:kasago_ipv4_light:*:*:*:*:*:*:*:* | 1 | OR | 6.0.1.34 | |
| cpe:2.3:a:elwsc:kasago_ipv6\/v4_dual:*:*:*:*:*:*:*:* | 1 | OR | 6.0.1.34 | |
| cpe:2.3:a:elwsc:kasago_mobile_ipv6:*:*:*:*:*:*:*:* | 1 | OR | 6.0.1.34 |
References
| Reference URL | Reference Tags |
|---|---|
| https://jvn.jp/en/vu/JVNVU99551468/ | Third Party Advisory |
| https://www.elwsc.co.jp/news/6352 | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-43501 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43501 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:29:14 | Added to TrackCVE | |||
| 2023-04-17 07:29:17 | Weakness Enumeration | new |