JVNVU#99551468
Zuken Elmic KASAGO uses insufficient random values for TCP Initial Sequence Numbers
Overview
Zuken Elmic KASAGO uses insufficient random values for TCP initial sequence numbers.
Products Affected
The versions prior to Ver6.0.1.34 of the following products are affected.
- KASAGO IPv6/v4 Dual
- KASAGO IPv4
- KASAGO IPv4 Light
- KASAGO mobile IPv6
Description
Zuken Elmic KASAGO, TCP/IP protocol stack for embedded systems, uses its own random number generator function when generating TCP initial sequence numbers, which leads to use insufficient random values (CWE-330).
Impact
TCP initial sequence numbers may be derived; and ongoing TCP sessions may be hijacked or future TCP sessions may be spoofed.
Solution
Update The Software
Update to the latest version according to the information provided by the developer.
The developer states that this issue is fixed on Ver6.0.1.34.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| DENSO WAVE INCORPORATED | Not Vulnerable | 2023/02/27 | |
| DMG MORI Digital Co., LTD. | Not Vulnerable | 2023/02/10 | |
| FUJITSU LIMITED | Not Vulnerable, investigating | 2023/02/10 | |
| OMRON Corporation | Vulnerability Information Provided | 2023/02/10 | |
| Panasonic Holdings Corporation | Vulnerable, investigating | 2023/05/17 | Panasonic Holdings Corporation website |
| Vendor | Link |
| Zuken Elmic | Announcement on the vulnerability of KASAGO products (written in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Zuken Elmic reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2022-43501 |
| JVN iPedia |
|
Update History
- 2023/02/15
- DENSO WAVE INCORPORATED update status
- 2023/02/27
- DENSO WAVE INCORPORATED update status
- 2023/05/17
- Panasonic Holdings Corporation update status