CVE-2024-39921

Sept. 19, 2024, 2:59 p.m.

CVSS Score

7.5 / 10

Products Impacted

Vendor	Product	Versions
fujitsu	ipcom_ve2_ls_100_firmware ipcom_ve2_ls_100 ipcom_ve2_ls_200_firmware ipcom_ve2_ls_200 ipcom_ve2_ls_220_firmware ipcom_ve2_ls_220 ipcom_ve2_ls_plus_100_firmware ipcom_ve2_ls_plus_100 ipcom_ve2_ls_plus_200_firmware ipcom_ve2_ls_plus_200 ipcom_ve2_ls_plus_220_firmware ipcom_ve2_ls_plus_220 ipcom_ve2_ls_plus2_200_firmware ipcom_ve2_ls_plus2_200 ipcom_ve2_ls_plus2_220_firmware ipcom_ve2_ls_plus2_220 ipcom_ve2_sc_plus_100_firmware ipcom_ve2_sc_plus_100 ipcom_ve2_sc_plus_200_firmware ipcom_ve2_sc_plus_200 ipcom_ve2_sc_plus_220_firmware ipcom_ve2_sc_plus_220 ipcom_ex2_in_3200_firmware ipcom_ex2_in_3200 ipcom_ex2_in_3500_firmware ipcom_ex2_in_3500 ipcom_ex2_lb_3200_firmware ipcom_ex2_lb_3200 ipcom_ex2_lb_3500_firmware ipcom_ex2_lb_3500 ipcom_ex2_sc_3200_firmware ipcom_ex2_sc_3200 ipcom_ex2_sc_3500_firmware ipcom_ex2_sc_3500 ipcom_ex2_dc_3200_firmware ipcom_ex2_dc_3200 ipcom_ex2_dc_3500_firmware ipcom_ex2_dc_3500	* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -

Description

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.

Weaknesses

CWE-203

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

CWE ID: 203

Date

Published: Sept. 4, 2024, 3:15 a.m.

Last Modified: Sept. 19, 2024, 2:59 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

vultures@jpcert.or.jp

CPEs

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	fujitsu	ipcom_ve2_ls_100_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_ls_100	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ve2_ls_200_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_ls_200	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ve2_ls_220_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_ls_220	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ve2_ls_plus_100_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_ls_plus_100	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ve2_ls_plus_200_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_ls_plus_200	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ve2_ls_plus_220_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_ls_plus_220	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ve2_ls_plus2_200_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_ls_plus2_200	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ve2_ls_plus2_220_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_ls_plus2_220	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ve2_sc_plus_100_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_sc_plus_100	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ve2_sc_plus_200_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_sc_plus_200	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ve2_sc_plus_220_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ve2_sc_plus_220	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_in_3200_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_in_3200_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_in_3200_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ex2_in_3200	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_in_3500_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_in_3500_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_in_3500_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ex2_in_3500	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_lb_3200_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_lb_3200_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_lb_3200_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ex2_lb_3200	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_lb_3500_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_lb_3500_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_lb_3500_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ex2_lb_3500	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_sc_3200_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_sc_3200_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_sc_3200_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ex2_sc_3200	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_sc_3500_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_sc_3500_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_sc_3500_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ex2_sc_3500	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_dc_3200_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_dc_3200_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_dc_3200_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ex2_dc_3200	-	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_dc_3500_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_dc_3500_firmware	/	/	/	/	/	/	/	/
o	fujitsu	ipcom_ex2_dc_3500_firmware	/	/	/	/	/	/	/	/
h	fujitsu	ipcom_ex2_dc_3500	-	/	/	/	/	/	/	/

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Exploitability Score

3.9

Impact Score

3.6

Base Severity

HIGH

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

https://jvn.jp/en/jp/JVN29238389/

vultures@jpcert.or.jp

https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/

vultures@jpcert.or.jp

CVE-2024-39921

Tags

CVSS Score

Products Impacted

Description

Weaknesses

CWE-203

Observable Discrepancy

Date

Status : Analyzed

Source

CPEs

CVSS Data

Attack Vector

Attack Complexity

Privileges Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Exploitability Score

Impact Score

Base Severity

CVSS Vector String

References

Share