9.1
CVE-2022-43501
- EPSS 0.57%
- Veröffentlicht 10.02.2023 04:15:11
- Zuletzt bearbeitet 24.03.2025 18:15:14
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginKASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elwsc ≫ Kasago Ipv4 Version < 6.0.1.34
Elwsc ≫ Kasago Ipv4 Light Version < 6.0.1.34
Elwsc ≫ Kasago Mobile Ipv6 Version < 6.0.1.34
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.424 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
https://jvn.jp/en/vu/JVNVU99551468/
https://www.elwsc.co.jp/news/6352