Vulnerability Details : CVE-2013-4708
The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic.
Products affected by CVE-2013-4708
- cpe:2.3:h:iij:seil\/x2:*:*:*:*:*:*:*:*
- cpe:2.3:h:iij:seil\/x1:*:*:*:*:*:*:*:*
- cpe:2.3:h:iij:seil\/b1:*:*:*:*:*:*:*:*
- cpe:2.3:h:iij:seil\/x86:*:*:*:*:*:*:*:*
- cpe:2.3:h:iij:seil\/turbo:*:*:*:*:*:*:*:*
- cpe:2.3:h:iij:seil\/neu_2fe_plus:*:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fturbo_firmware:2.05:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fturbo_firmware:2.15:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fturbo_firmware:1.80:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fx1_firmware:4.30:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fx1_firmware:1.00:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fb1_firmware:4.30:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fb1_firmware:1.00:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fx86_firmware:2.80:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fx86_firmware:1.00:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fneu_2fe_plus_firmware:1.80:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fneu_2fe_plus_firmware:2.15:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fneu_2fe_plus_firmware:2.05:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fx2_firmware:1.00:*:*:*:*:*:*:*
- cpe:2.3:o:iij:seil\%2fx2_firmware:4.30:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4708
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4708
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:N |
4.9
|
4.9
|
NIST |
CWE ids for CVE-2013-4708
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4708
-
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000091.html
JVNDB-2013-000091 - JVN iPedia - 脆弱性対策情報データベース
-
http://jvn.jp/en/jp/JVN40079308/index.html
JVN#40079308: SEIL Series routers vulnerable in RADIUS authentication
-
http://www.seil.jp/support/security/a01388.html
PPPアクセスコンセントレータ(PPPAC)機能のRADIUS認証の脆弱性Vendor Advisory
Jump to