Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:96561229
HistoryMay 09, 2022 - 12:00 a.m.

JVN#96561229: Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM

2022-05-0900:00:00
Japan Vulnerability Notes
jvn.jp
45
fujitsu network ipcom
management interface
vulnerabilities
cve-2022-29516
cve-2020-10188
os command injection
buffer overflow
firmware update
workaround
ipcom ex2
ipcom ex
ipcom ve2
ipcom va2/ve1

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.833

Percentile

98.5%

JSON

FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance.
Operation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below.

OS command injection in the web console (CWE-78) - CVE-2022-29516

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8
CVSS v2 AV:N/AC:L/Au:N/C:C/I:C/A:C Base Score: 10.0

Buffer overflow in the Command Line Interface (CWE-120) - CVE-2020-10188
The product uses previous versions of netkit-telnet which contains a known vulnerability.

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8
CVSS v2 AV:N/AC:L/Au:N/C:C/I:C/A:C Base Score: 10.0

Impact

  • A remote attacker may execute an arbitrary OS command.
  • A remote attacker may obtain and/or alter sensitive information.
  • A remote attackerr may be able to cause a denial-of-service (DoS).

Solution

Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.
These vulnerabilities have been already addressed in the following firmware versions.

  • IPCOM EX2 V01L05 NF0501

  • IPCOM EX2 V01L20 NF0301

  • IPCOM EX2 V02L21 NF0201

  • IPCOM EX E20L33 NF1101

  • IPCOM EX E30L11 NF0501

  • IPCOM VE2 V01L05 NF0303

  • IPCOM VA2/VE1 E20L33 NF0902
    Apply the Workaround
    Apply one of the following workarounds to prevent unauthorized access from other than authorized Operation management terminal:

  • Prepare a dedicated network to deploy Operation management interface and allow access to the Operation management interface only from the network

  • Set individual permissions for Operation management terminal
    For more information, refer to the information provided by the developer. (Text in Japanese)

Products Affected

  • IPCOM EX2 series
  • IPCOM EX series
  • IPCOM VE2 series
  • IPCOM VA2/VE1 series

Related

nvd 2
cvelist 2
prion 2
cve 2
openvas 19
nessus 41
redhat 7
debian 2
broadcom 1
mageia 2
fedora 3
oraclelinux 4
osv 4
cisco 1
checkpoint_advisories 1
paloalto 1
centos 2
f5 1
amazon 2
ubuntu 2
arista 1
ubuntucve 1
debiancve 1
redhatcve 1
cisa 1
veracode 1
archlinux 1
oracle 1
nvd
nvd
CVE-2022-29516
2022-05-18 15:15:10
CVE-2020-10188
2020-03-06 15:15:14
cvelist
cvelist
CVE-2022-29516
2022-05-18 09:50:24
CVE-2020-10188
2020-03-06 14:07:21
prion
prion
Command injection
2022-05-18 15:15:00
Buffer overflow
2020-03-06 15:15:00
cve
cve
CVE-2022-29516
2022-05-18 15:15:10
CVE-2020-10188
2020-03-06 15:15:14
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0169)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2341-1)
2020-08-25 00:00:00
Huawei EulerOS: Security Advisory for telnet (EulerOS-SA-2020-1765)
2020-07-03 00:00:00
nessus
nessus
RHEL 8 : telnet (RHSA-2020:1318)
2020-04-07 00:00:00
EulerOS 2.0 SP3 : telnet (EulerOS-SA-2020-2065)
2020-09-28 00:00:00
Debian DLA-2176-1 : inetutils security update
2020-05-15 00:00:00
redhat
redhat
(RHSA-2020:1342) Important: telnet security update
2020-04-07 07:01:47
(RHSA-2022:0011) Important: telnet security update
2022-01-04 07:56:18
(RHSA-2020:1335) Important: telnet security update
2020-04-06 14:39:35
debian
debian
[SECURITY] [DLA 2341-1] inetutils security update
2020-08-24 09:10:08
[SECURITY] [DLA 2176-1] inetutils security update
2020-05-14 12:31:09
broadcom
broadcom
BSA-2021-1013
2021-07-10 00:00:00
mageia
mageia
Updated krb5-appl packages fix security vulnerability
2020-04-15 13:12:14
Updated netkit-telnet packages fix security vulnerability
2020-05-15 18:48:04
fedora
fedora
[SECURITY] Fedora 30 Update: telnet-0.17-77.fc30
2020-04-04 04:19:03
[SECURITY] Fedora 31 Update: telnet-0.17-78.fc31
2020-04-04 03:23:08
[SECURITY] Fedora 32 Update: telnet-0.17-79.fc32
2020-04-01 16:35:49
oraclelinux
oraclelinux
telnet security update
2020-04-07 00:00:00
telnet security update
2020-04-11 00:00:00
krb5-appl security update
2020-04-13 00:00:00
osv
osv
inetutils vulnerability
2021-08-20 17:56:24
inetutils - security update
2020-04-14 00:00:00
inetutils vulnerability
2021-08-19 19:14:10
cisco
cisco
Telnet Vulnerability Affecting Cisco Products: June 2020
2020-06-24 16:00:00
checkpoint_advisories
checkpoint_advisories
Netkit Telnet Buffer Overflow (CVE-2020-10188)
2020-12-27 00:00:00
paloalto
paloalto
PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)
2021-09-08 16:00:00
centos
centos
krb5 security update
2020-04-08 15:29:38
telnet security update
2020-04-08 15:30:05
f5
f5
K22130301 : Telnet vulnerability CVE-2020-10188
2020-05-07 00:00:00
amazon
amazon
Important: telnet
2020-05-05 01:20:00
Important: telnet
2020-06-23 06:42:00
ubuntu
ubuntu
Inetutils vulnerability
2021-08-19 00:00:00
Inetutils vulnerability
2021-08-20 00:00:00
arista
arista
Security Advisory 0048
2020-05-13 00:00:00
ubuntucve
ubuntucve
CVE-2020-10188
2020-03-06 00:00:00
debiancve
debiancve
CVE-2020-10188
2020-03-06 15:15:14
redhatcve
redhatcve
CVE-2020-10188
2020-03-09 15:41:07
cisa
cisa
Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software
2020-06-25 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-01-14 06:00:46
archlinux
archlinux
[ASA-202106-20] inetutils: arbitrary code execution
2021-06-09 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.833

Percentile

98.5%

JSON
Related for JVN:96561229
nvd2cvelist2prion2cve2openvas19nessus41redhat7debian2broadcom1mageia2fedora3oraclelinux4osv4cisco1checkpoint_advisories1paloalto1centos2f51amazon2ubuntu2arista1ubuntucve1debiancve1redhatcve1cisa1veracode1archlinux1oracle1