CVE-2024-39921

Sept. 19, 2024, 2:59 p.m.

7.5
High

Description

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.

Product(s) Impacted

Vendor Product Versions
Fujitsu
  • Ipcom Ve2 Ls 100 Firmware
  • Ipcom Ve2 Ls 100
  • Ipcom Ve2 Ls 200 Firmware
  • Ipcom Ve2 Ls 200
  • Ipcom Ve2 Ls 220 Firmware
  • Ipcom Ve2 Ls 220
  • Ipcom Ve2 Ls Plus 100 Firmware
  • Ipcom Ve2 Ls Plus 100
  • Ipcom Ve2 Ls Plus 200 Firmware
  • Ipcom Ve2 Ls Plus 200
  • Ipcom Ve2 Ls Plus 220 Firmware
  • Ipcom Ve2 Ls Plus 220
  • Ipcom Ve2 Ls Plus2 200 Firmware
  • Ipcom Ve2 Ls Plus2 200
  • Ipcom Ve2 Ls Plus2 220 Firmware
  • Ipcom Ve2 Ls Plus2 220
  • Ipcom Ve2 Sc Plus 100 Firmware
  • Ipcom Ve2 Sc Plus 100
  • Ipcom Ve2 Sc Plus 200 Firmware
  • Ipcom Ve2 Sc Plus 200
  • Ipcom Ve2 Sc Plus 220 Firmware
  • Ipcom Ve2 Sc Plus 220
  • Ipcom Ex2 In 3200 Firmware
  • Ipcom Ex2 In 3200
  • Ipcom Ex2 In 3500 Firmware
  • Ipcom Ex2 In 3500
  • Ipcom Ex2 Lb 3200 Firmware
  • Ipcom Ex2 Lb 3200
  • Ipcom Ex2 Lb 3500 Firmware
  • Ipcom Ex2 Lb 3500
  • Ipcom Ex2 Sc 3200 Firmware
  • Ipcom Ex2 Sc 3200
  • Ipcom Ex2 Sc 3500 Firmware
  • Ipcom Ex2 Sc 3500
  • Ipcom Ex2 Dc 3200 Firmware
  • Ipcom Ex2 Dc 3200
  • Ipcom Ex2 Dc 3500 Firmware
  • Ipcom Ex2 Dc 3500
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o fujitsu ipcom_ve2_ls_100_firmware / / / / / / / /
h fujitsu ipcom_ve2_ls_100 - / / / / / / /
o fujitsu ipcom_ve2_ls_200_firmware / / / / / / / /
h fujitsu ipcom_ve2_ls_200 - / / / / / / /
o fujitsu ipcom_ve2_ls_220_firmware / / / / / / / /
h fujitsu ipcom_ve2_ls_220 - / / / / / / /
o fujitsu ipcom_ve2_ls_plus_100_firmware / / / / / / / /
h fujitsu ipcom_ve2_ls_plus_100 - / / / / / / /
o fujitsu ipcom_ve2_ls_plus_200_firmware / / / / / / / /
h fujitsu ipcom_ve2_ls_plus_200 - / / / / / / /
o fujitsu ipcom_ve2_ls_plus_220_firmware / / / / / / / /
h fujitsu ipcom_ve2_ls_plus_220 - / / / / / / /
o fujitsu ipcom_ve2_ls_plus2_200_firmware / / / / / / / /
h fujitsu ipcom_ve2_ls_plus2_200 - / / / / / / /
o fujitsu ipcom_ve2_ls_plus2_220_firmware / / / / / / / /
h fujitsu ipcom_ve2_ls_plus2_220 - / / / / / / /
o fujitsu ipcom_ve2_sc_plus_100_firmware / / / / / / / /
h fujitsu ipcom_ve2_sc_plus_100 - / / / / / / /
o fujitsu ipcom_ve2_sc_plus_200_firmware / / / / / / / /
h fujitsu ipcom_ve2_sc_plus_200 - / / / / / / /
o fujitsu ipcom_ve2_sc_plus_220_firmware / / / / / / / /
h fujitsu ipcom_ve2_sc_plus_220 - / / / / / / /
o fujitsu ipcom_ex2_in_3200_firmware / / / / / / / /
o fujitsu ipcom_ex2_in_3200_firmware / / / / / / / /
o fujitsu ipcom_ex2_in_3200_firmware / / / / / / / /
h fujitsu ipcom_ex2_in_3200 - / / / / / / /
o fujitsu ipcom_ex2_in_3500_firmware / / / / / / / /
o fujitsu ipcom_ex2_in_3500_firmware / / / / / / / /
o fujitsu ipcom_ex2_in_3500_firmware / / / / / / / /
h fujitsu ipcom_ex2_in_3500 - / / / / / / /
o fujitsu ipcom_ex2_lb_3200_firmware / / / / / / / /
o fujitsu ipcom_ex2_lb_3200_firmware / / / / / / / /
o fujitsu ipcom_ex2_lb_3200_firmware / / / / / / / /
h fujitsu ipcom_ex2_lb_3200 - / / / / / / /
o fujitsu ipcom_ex2_lb_3500_firmware / / / / / / / /
o fujitsu ipcom_ex2_lb_3500_firmware / / / / / / / /
o fujitsu ipcom_ex2_lb_3500_firmware / / / / / / / /
h fujitsu ipcom_ex2_lb_3500 - / / / / / / /
o fujitsu ipcom_ex2_sc_3200_firmware / / / / / / / /
o fujitsu ipcom_ex2_sc_3200_firmware / / / / / / / /
o fujitsu ipcom_ex2_sc_3200_firmware / / / / / / / /
h fujitsu ipcom_ex2_sc_3200 - / / / / / / /
o fujitsu ipcom_ex2_sc_3500_firmware / / / / / / / /
o fujitsu ipcom_ex2_sc_3500_firmware / / / / / / / /
o fujitsu ipcom_ex2_sc_3500_firmware / / / / / / / /
h fujitsu ipcom_ex2_sc_3500 - / / / / / / /
o fujitsu ipcom_ex2_dc_3200_firmware / / / / / / / /
o fujitsu ipcom_ex2_dc_3200_firmware / / / / / / / /
o fujitsu ipcom_ex2_dc_3200_firmware / / / / / / / /
h fujitsu ipcom_ex2_dc_3200 - / / / / / / /
o fujitsu ipcom_ex2_dc_3500_firmware / / / / / / / /
o fujitsu ipcom_ex2_dc_3500_firmware / / / / / / / /
o fujitsu ipcom_ex2_dc_3500_firmware / / / / / / / /
h fujitsu ipcom_ex2_dc_3500 - / / / / / / /

References

https://jvn.jp/en/jp/JVN29238389/
https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/

Tags

vultures@jpcert.or.jp
CWE-203
2024-09-04
CVE-2024-39921

CVSS Score

7.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    View Vector String

Timeline

Published: Sept. 4, 2024, 3:15 a.m.
Last Modified: Sept. 19, 2024, 2:59 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

vultures@jpcert.or.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.