JVN#10724763
SEIL Series routers vulnerable to denial-of-service (DoS)
Overview
SEIL Series routers contain a denial-of-service (DoS) vulnerability.
Products Affected
- SEIL/x86 1.00 to 3.10
- SEIL/X1 1.00 to 4.50
- SEIL/X2 1.00 to 4.50
- SEIL/B1 1.00 to 4.50
- SEIL/Turbo 1.80 to 2.17
- SEIL/neu 2FE Plus 1.80 to 2.17
Description
The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service (DoS) vulnerability due to an issue in processing certain packets. (CWE-119)
Impact
By receiving a specially crafted TCP packet, a session established using PPPAC may be disconnected or stop accepting connections.
Solution
Update the Firmware
Apply the appropriate firmware update provided by the developer.
Apply a workaround
According to the developer, updated firmware for SEIL/Turbo and SEIL/neu 2FE Plus are still being developed.
If using either of these products, apply the appropriate workarounds according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Internet Initiative Japan Inc. | Vulnerable | 2014/06/13 | Internet Initiative Japan Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2014.06.13 (CVSS Base Metrics)
| Measures | Severity | Description | ||
|---|---|---|---|---|
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) | A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". |
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) | Specialized access conditions or extenuating circumstances do not exist. |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) | Authentication is not required to exploit the vulnerability. |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) | There is no impact to the confidentiality of the system. |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) | There is no impact to the integrity of the system. |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) | There is reduced performance or interruptions in resource availability. |
Base Score:5.0
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2014-2004 |
| JVN iPedia |
JVNDB-2014-000055 |