Japan Vulnerability NotesJVN:25583987JVN#25583987: FUJITSU Network Edgiot GW1500 vulnerable to path traversal
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
19.8%
FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS) provided by Fujitsu Limited contains a path traversal vulnerability (CWE-22).
Impact
If a logged-in attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked.
Solution
Apply the Patch
Apply the patch according to the information provided by the developer.
Apply the Workaround
The following workaround may mitigate the impact of this vulnerability.
- Change Administrator Class’s password when resetting the initial configuration of the product
Products Affected
- FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS) versions prior to V02L19C01
Note that the products is affected only when using it with the factory shipped initial configuration.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
19.8%