Vulnerability Description
The KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs (Initial Sequence Numbers) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of current or future TCP connections and either hijack existing ones or spoof future ones.
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elwsc | Kasago Ipv4 | < 6.0.1.34 |
| Elwsc | Kasago Ipv4 Light | < 6.0.1.34 |
| Elwsc | Kasago Ipv6/V4 Dual | < 6.0.1.34 |
| Elwsc | Kasago Mobile Ipv6 | < 6.0.1.34 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU99551468/ (Third Party Advisory)
- https://www.elwsc.co.jp/news/6352 (Vendor Advisory)
FAQ
What is CVE-2022-43501?
CVE-2022-43501 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs (Initial Sequence Numbers) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the curren...
How severe is CVE-2022-43501?
CVE-2022-43501 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-43501?
Check the references section above for vendor advisories and patch information. Affected products include: Elwsc Kasago Ipv4, Elwsc Kasago Ipv4 Light, Elwsc Kasago Ipv6/V4 Dual, Elwsc Kasago Mobile Ipv6.