CVE-2024-40617

2024-07-1709:15:03

CWE-22

[email protected]

web.nvd.nist.gov

fujitsu network edgiot gw1500

path traversal vulnerability

remote attacker

sensitive information

administrator privileges

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

19.8%

JSON

Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked.

Affected configurations

Nvd

Node

fujitsunetwork_edgiot_gw1500_firmwareRange<v02l19c01

AND

fujitsunetwork_edgiot_gw1500Match-

VendorProductVersionCPE
fujitsunetwork_edgiot_gw1500_firmware*cpe:2.3:o:fujitsu:network_edgiot_gw1500_firmware:*:*:*:*:*:*:*:*
fujitsunetwork_edgiot_gw1500-cpe:2.3:h:fujitsu:network_edgiot_gw1500:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fujitsu	network_edgiot_gw1500_firmware	*	cpe:2.3:o:fujitsu:network_edgiot_gw1500_firmware::::::::
fujitsu	network_edgiot_gw1500	-	cpe:2.3:h:fujitsu:network_edgiot_gw1500:-:::::::*