Use of insufficiently random values in ZUKEN ELMIC products - CVE-2022-43501

 


Published: February 10, 2023


Vulnerability identifier: #VU72105
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-43501
CWE-ID: CWE-330
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
KASAGO IPv4
KASAGO IPv4 Light
KASAGO mobile IPv6
KASAGO IPv6/v4 Dual
Software vendor:
ZUKEN ELMIC

Description

The vulnerability allows a remote attacker to compromise communication between parties and perform a spoofing attack.

The vulnerability exists because the affected products use their own weak random number generator function to generate TCP initial sequence numbers (ISNs). A remote attacker can guess the output of this generator and hijack future TCP sessions or perform a spoofing attack.
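
The standard mitigation for predictable ISNs is the RFC 6528 construction, ISN = M + F(4-tuple, secret), shown here beside a constructed weak generator. This is an added example, not ZUKEN ELMIC code: the advisory does not describe the KASAGO generator or its fix, HMAC-SHA256 as F is an assumption, and the function names, addresses and ports are constructed.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

MASK32 = 0xFFFFFFFF


def weak_isn(prev_isn: int) -> int:
    """Constructed weak generator: an unkeyed LCG (not the KASAGO code).

    The next ISN is a public function of the previous one, so a single
    observed value determines every later value.
    """
    return (prev_isn * 1103515245 + 12345) & MASK32


def rfc6528_isn(secret: bytes, local_ip: str, local_port: int,
                remote_ip: str, remote_port: int, now_us: int) -> int:
    """ISN = M + F(localip, localport, remoteip, remoteport, secretkey)."""
    m = (now_us // 4) & MASK32  # M: timer that ticks every 4 microseconds
    four_tuple = (ipaddress.ip_address(local_ip).packed
                  + struct.pack("!H", local_port)
                  + ipaddress.ip_address(remote_ip).packed
                  + struct.pack("!H", remote_port))
    # F: keyed PRF truncated to 32 bits. HMAC-SHA256 is an assumption here;
    # the requirement is that F cannot be computed without the secret.
    digest = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    f = int.from_bytes(digest[:4], "big")
    return (m + f) & MASK32


if __name__ == "__main__":
    secret = os.urandom(32)  # generated at boot, never sent on the wire
    t = 4_000_000            # constructed timestamp in microseconds
    # Documentation addresses (RFC 5737), constructed for the demo.
    a = rfc6528_isn(secret, "192.0.2.10", 80, "198.51.100.7", 40000, t)
    b = rfc6528_isn(secret, "192.0.2.10", 80, "198.51.100.7", 40001, t)
    later = rfc6528_isn(secret, "192.0.2.10", 80, "198.51.100.7", 40000, t + 4000)
    print(f"weak:    {weak_isn(1):#010x} -> {weak_isn(weak_isn(1)):#010x}")
    print(f"rfc6528: port 40000 {a:#010x}, port 40001 {b:#010x}")
    print(f"same tuple, 4 ms later: +{(later - a) & MASK32} ticks")
```

With the keyed construction, an ISN seen on one connection gives no usable information about the ISN of a connection with a different 4-tuple, while the sequence space for a reused 4-tuple still advances monotonically with the timer.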


Remediation

Install updates from the vendor's website.
