Japan Vulnerability Notes, JVN:29238389
Aug 30, 2024 - 12:00 a.m.

JVN#29238389: IPCOM vulnerable to information disclosure

2024-08-30 00:00:00
Japan Vulnerability Notes
jvn.jp
ipcom
ssl accelerator
vulnerability
timing discrepancy
firmware
workaround
encryption
communication
rsa
cipher suite
products affected

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.7
Confidence: Low

EPSS: 0
Percentile: 9.6%

SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy (CWE-208).

Impact

Some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Apply the workaround
Applying the following workaround may mitigate the impact of this vulnerability.

  • Disable the RSA key exchange cipher suite in the IPCOM cipher suite settings
    For more information, refer to the information provided by the developer.
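
One way to confirm the workaround took effect on an appliance you administer is sketched below. This is an added example, not code from the advisory or the developer. The client offers only RSA key exchange suites in a handshake capped at TLS 1.2 and reports whether the server still accepts one. The function names and the command-line usage are assumptions of this example.

```python
import socket
import ssl
import sys


def build_probe_context():
    """Client context that offers only RSA key exchange cipher suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # The probe checks cipher negotiation, not certificate trust.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # TLS 1.3 has no RSA key exchange and set_ciphers() does not change its
    # suites, so cap the version or a TLS 1.3 handshake would hide the result.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("kRSA")  # OpenSSL selector for RSA key exchange
    return ctx


def rsa_kex_suites(ctx):
    """Names of the RSA key exchange suites the local OpenSSL will offer."""
    return [c["name"] for c in ctx.get_ciphers() if c.get("kea") == "kx-rsa"]


def accepts_rsa_kex(host, port=443, timeout=5.0):
    """Return the negotiated suite name, or None if the server refuses.

    Connection errors (refused, reset, timeout) propagate as OSError so an
    unreachable host is not mistaken for a fixed one.
    """
    ctx = build_probe_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
        except ssl.SSLError:
            return None  # handshake rejected: no RSA key exchange suite accepted


if __name__ == "__main__":
    # Usage (assumed for this example): python probe.py <host> [port]
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <host> [port]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    suite = accepts_rsa_kex(sys.argv[1], target_port)
    if suite:
        print(f"RSA key exchange still enabled (negotiated {suite})")
    else:
        print("RSA key exchange suites refused")
```

A refusal only shows that the suites this client's OpenSSL build offers were rejected, so compare the result against the IPCOM cipher suite settings as well.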

Products Affected

  • IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301
  • IPCOM VE2 Series V01L04NF0001 to V01L06NF0112
