CVE-2022-43501

EPSS 0.32%
Veröffentlicht 10.02.2023 04:15:11
Zuletzt bearbeitet 24.03.2025 18:15:14
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Elwsc ≫ Kasago Ipv4 Version < 6.0.1.34

Elwsc ≫ Kasago Ipv4 Light Version < 6.0.1.34

Elwsc ≫ Kasago Mobile Ipv6 Version < 6.0.1.34

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.548

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://jvn.jp/en/vu/JVNVU99551468/

Third Party Advisory

https://www.elwsc.co.jp/news/6352

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-43501

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43501

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43501

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-43501