Lucene search

JpcertCVE-2024-39921

HistorySep 04, 2024 - 3:15 a.m.

CVE-2024-39921

2024-09-0403:15:03

CWE-203

jpcert

web.nvd.nist.gov

observable timing discrepancy

ipcom ex2

ipcom ve2

encrypted communication

vulnerability exploitation

attacker interception

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.6%

JSON

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.

Affected configurations

Nvd

Node

fujitsuipcom_ve2_ls_100_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_ls_100Match-

Node

fujitsuipcom_ve2_ls_200_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_ls_200Match-

Node

fujitsuipcom_ve2_ls_220_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_ls_220Match-

Node

fujitsuipcom_ve2_ls_plus_100_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_ls_plus_100Match-

Node

fujitsuipcom_ve2_ls_plus_200_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_ls_plus_200Match-

Node

fujitsuipcom_ve2_ls_plus_220_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_ls_plus_220Match-

Node

fujitsuipcom_ve2_ls_plus2_200_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_ls_plus2_200Match-

Node

fujitsuipcom_ve2_ls_plus2_220_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_ls_plus2_220Match-

Node

fujitsuipcom_ve2_sc_plus_100_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_sc_plus_100Match-

Node

fujitsuipcom_ve2_sc_plus_200_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_sc_plus_200Match-

Node

fujitsuipcom_ve2_sc_plus_220_firmwareRangev01l04nf0001–v01l06nf0112

AND

fujitsuipcom_ve2_sc_plus_220Match-

Node

fujitsuipcom_ex2_in_3200_firmwareRangev01l02nf0001–v01l06nf0401

fujitsuipcom_ex2_in_3200_firmwareRangev01l20nf0001–v01l20nf0401

fujitsuipcom_ex2_in_3200_firmwareRangev02l20nf0001–v02l21nf0301

AND

fujitsuipcom_ex2_in_3200Match-

Node

fujitsuipcom_ex2_in_3500_firmwareRangev01l02nf0001–v01l06nf0401

fujitsuipcom_ex2_in_3500_firmwareRangev01l20nf0001–v01l20nf0401

fujitsuipcom_ex2_in_3500_firmwareRangev02l20nf0001–v02l21nf0301

AND

fujitsuipcom_ex2_in_3500Match-

Node

fujitsuipcom_ex2_lb_3200_firmwareRangev01l02nf0001–v01l06nf0401

fujitsuipcom_ex2_lb_3200_firmwareRangev01l20nf0001–v01l20nf0401

fujitsuipcom_ex2_lb_3200_firmwareRangev02l20nf0001–v02l21nf0301

AND

fujitsuipcom_ex2_lb_3200Match-

Node

fujitsuipcom_ex2_lb_3500_firmwareRangev01l02nf0001–v01l06nf0401

fujitsuipcom_ex2_lb_3500_firmwareRangev01l20nf0001–v01l20nf0401

fujitsuipcom_ex2_lb_3500_firmwareRangev02l20nf0001–v02l21nf0301

AND

fujitsuipcom_ex2_lb_3500Match-

Node

fujitsuipcom_ex2_sc_3200_firmwareRangev01l02nf0001–v01l06nf0401

fujitsuipcom_ex2_sc_3200_firmwareRangev01l20nf0001–v01l20nf0401

fujitsuipcom_ex2_sc_3200_firmwareRangev02l20nf0001–v02l21nf0301

AND

fujitsuipcom_ex2_sc_3200Match-

Node

fujitsuipcom_ex2_sc_3500_firmwareRangev01l02nf0001–v01l06nf0401

fujitsuipcom_ex2_sc_3500_firmwareRangev01l20nf0001–v01l20nf0401

fujitsuipcom_ex2_sc_3500_firmwareRangev02l20nf0001–v02l21nf0301

AND

fujitsuipcom_ex2_sc_3500Match-

Node

fujitsuipcom_ex2_dc_3200_firmwareRangev01l02nf0001–v01l06nf0401

fujitsuipcom_ex2_dc_3200_firmwareRangev01l20nf0001–v01l20nf0401

fujitsuipcom_ex2_dc_3200_firmwareRangev02l20nf0001–v02l21nf0301

AND

fujitsuipcom_ex2_dc_3200Match-

Node

fujitsuipcom_ex2_dc_3500_firmwareRangev01l02nf0001–v01l06nf0401

fujitsuipcom_ex2_dc_3500_firmwareRangev01l20nf0001–v01l20nf0401

fujitsuipcom_ex2_dc_3500_firmwareRangev02l20nf0001–v02l21nf0301

AND

fujitsuipcom_ex2_dc_3500Match-

VendorProductVersionCPE
fujitsuipcom_ve2_ls_100_firmware*cpe:2.3:o:fujitsu:ipcom_ve2_ls_100_firmware:*:*:*:*:*:*:*:*
fujitsuipcom_ve2_ls_100-cpe:2.3:h:fujitsu:ipcom_ve2_ls_100:-:*:*:*:*:*:*:*
fujitsuipcom_ve2_ls_200_firmware*cpe:2.3:o:fujitsu:ipcom_ve2_ls_200_firmware:*:*:*:*:*:*:*:*
fujitsuipcom_ve2_ls_200-cpe:2.3:h:fujitsu:ipcom_ve2_ls_200:-:*:*:*:*:*:*:*
fujitsuipcom_ve2_ls_220_firmware*cpe:2.3:o:fujitsu:ipcom_ve2_ls_220_firmware:*:*:*:*:*:*:*:*
fujitsuipcom_ve2_ls_220-cpe:2.3:h:fujitsu:ipcom_ve2_ls_220:-:*:*:*:*:*:*:*
fujitsuipcom_ve2_ls_plus_100_firmware*cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_100_firmware:*:*:*:*:*:*:*:*
fujitsuipcom_ve2_ls_plus_100-cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_100:-:*:*:*:*:*:*:*
fujitsuipcom_ve2_ls_plus_200_firmware*cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_200_firmware:*:*:*:*:*:*:*:*
fujitsuipcom_ve2_ls_plus_200-cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_200:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fujitsu	ipcom_ve2_ls_100_firmware	*	cpe:2.3:o:fujitsu:ipcom_ve2_ls_100_firmware::::::::
fujitsu	ipcom_ve2_ls_100	-	cpe:2.3:h:fujitsu:ipcom_ve2_ls_100:-:::::::*
fujitsu	ipcom_ve2_ls_200_firmware	*	cpe:2.3:o:fujitsu:ipcom_ve2_ls_200_firmware::::::::
fujitsu	ipcom_ve2_ls_200	-	cpe:2.3:h:fujitsu:ipcom_ve2_ls_200:-:::::::*
fujitsu	ipcom_ve2_ls_220_firmware	*	cpe:2.3:o:fujitsu:ipcom_ve2_ls_220_firmware::::::::
fujitsu	ipcom_ve2_ls_220	-	cpe:2.3:h:fujitsu:ipcom_ve2_ls_220:-:::::::*
fujitsu	ipcom_ve2_ls_plus_100_firmware	*	cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_100_firmware::::::::
fujitsu	ipcom_ve2_ls_plus_100	-	cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_100:-:::::::*
fujitsu	ipcom_ve2_ls_plus_200_firmware	*	cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_200_firmware::::::::
fujitsu	ipcom_ve2_ls_plus_200	-	cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_200:-:::::::*

Rows per page:

1-10 of 381

CNA Affected

[
  {
    "vendor": "Fsas Technologies Inc.",
    "product": "IPCOM EX2 Series",
    "versions": [
      {
        "version": "V01L02NF0001 to V01L06NF0401",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fsas Technologies Inc.",
    "product": "IPCOM EX2 Series",
    "versions": [
      {
        "version": "V01L20NF0001 to V01L20NF0401",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fsas Technologies Inc.",
    "product": "IPCOM EX2 Series",
    "versions": [
      {
        "version": "V02L20NF0001 to V02L21NF0301",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Fsas Technologies Inc.",
    "product": "IPCOM VE2 Series",
    "versions": [
      {
        "version": "V01L04NF0001 to V01L06NF0112",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN29238389/

www.fujitsu.com/jp/products/network/support/2024/ipcom-04/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-39921