Vulnerabilities > CVE-2013-4708 - Cryptographic Issues vulnerability in IIJ products

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

iij

CWE-310

NVD

Published: 2013-10-01

Updated: 2013-10-07

Summary

The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic.

Vulnerable Configurations

Part	Description	Count
OS	Iij IIJ Seil%2Fx1 Firmware 1.00 IIJ Seil%2Fx1 Firmware 4.30 IIJ Seil%2Fb1 Firmware 1.00 IIJ Seil%2Fb1 Firmware 4.30 IIJ Seil%2Fx2 Firmware 1.00 IIJ Seil%2Fx2 Firmware 4.30 IIJ Seil%2Fx86 Firmware 1.00 IIJ Seil%2Fx86 Firmware 2.80 IIJ Seil%2Fturbo Firmware 1.80 IIJ Seil%2Fturbo Firmware 2.05 IIJ Seil%2Fturbo Firmware 2.15 IIJ Seil%2Fneu 2FE Plus Firmware 1.80 IIJ Seil%2Fneu 2FE Plus Firmware 2.05 IIJ Seil%2Fneu 2FE Plus Firmware 2.15	14
Hardware	Iij IIJ Seil/X1 * IIJ Seil/B1 * IIJ Seil/X2 * IIJ Seil/X86 * IIJ Seil/Turbo * IIJ Seil/Neu 2FE Plus *	6

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References