[Japanese]

JVNDB-2013-000091

SEIL Series routers vulnerable in RADIUS authentication

Overview

SEIL Series routers contain a vulnerability in RADIUS authentication.

The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains an issue when generating random numbers used for RADIUS authentication, which may result in the generated random numbers to be easily predicted.
CVSS Severity (What is CVSS?)

Base Metrics: 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


Internet Initiative Japan Inc.
  • SEIL/B1 firmware 1.00 to 4.30
  • SEIL/neu 2FE Plus firmware 1.80 to 2.15
  • SEIL/Turbo firmware 1.80 to 2.15
  • SEIL/X1 firmware 1.00 to 4.30
  • SEIL/X2 firmware 1.00 to 4.30
  • SEIL/x86 firmware 1.00 to 2.80
  • SEIL/B1
  • SEIL/neu 2FE Plus
  • SEIL/Turbo
  • SEIL/X1
  • SEIL/X2
  • SEIL/x86

Impact

An attacker who can intercept communication of RADIUS authentication may take over access to the services.
Solution

[Update the Firmware]
Apply the appropriate firmware update provided by the developer.
Vendor Information

Internet Initiative Japan Inc.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2013-4708
References

  1. JVN : JVN#40079308
  2. National Vulnerability Database (NVD) : CVE-2013-4708
Revision History

[2013/09/20]
  Web page was published
[2013/10/08]
  References : Content was added