Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for FFRI AMC by FFRI Security, Inc.

    CVE-2024-40895 (GCVE-0-2024-40895)

    Vulnerability from nvd – Published: 2024-07-30 08:37 – Updated: 2024-08-02 04:39
    VLAI
    Summary
    FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    FFRI Security, Inc. FFRI AMC Affected: 3.4.0 to 3.5.3
    Create a notification for this product.
    NEC Corporation FFRI AMC for ActSecure χ Affected: 3.4.0 to 3.5.3
    Create a notification for this product.
    Sky Co., Ltd. EDR Plus Pack Affected: Bundled FFRI AMC versions 3.4.0 to 3.5.3
    Create a notification for this product.
    ffri ffri_amc Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:ffri:ffri_amc:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    skygroup edr_plus_pack Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:skygroup:edr_plus_pack:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    skygroup edr_plus_pack_cloud Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ffri:ffri_amc:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ffri_amc",
                "vendor": "ffri",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:skygroup:edr_plus_pack:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr_plus_pack",
                "vendor": "skygroup",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr_plus_pack_cloud",
                "vendor": "skygroup",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T14:16:27.684515Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T17:31:56.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:39:55.373Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ffri.jp/assets/files/other_docs/20240729.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.support.nec.co.jp/View.aspx?id=3140109694"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/240729_01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN26734798/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FFRI AMC",
              "vendor": "FFRI Security, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.4.0 to 3.5.3"
                }
              ]
            },
            {
              "product": "FFRI AMC for ActSecure \u03c7",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.4.0 to 3.5.3"
                }
              ]
            },
            {
              "product": "EDR Plus Pack",
              "vendor": "Sky Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Bundled FFRI AMC versions 3.4.0 to 3.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-30T08:37:07.607Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ffri.jp/assets/files/other_docs/20240729.pdf"
            },
            {
              "url": "https://www.support.nec.co.jp/View.aspx?id=3140109694"
            },
            {
              "url": "https://www.skyseaclientview.net/news/240729_01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN26734798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-40895",
        "datePublished": "2024-07-30T08:37:07.607Z",
        "dateReserved": "2024-07-12T03:00:58.480Z",
        "dateUpdated": "2024-08-02T04:39:55.373Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40895 (GCVE-0-2024-40895)

    Vulnerability from cvelistv5 – Published: 2024-07-30 08:37 – Updated: 2024-08-02 04:39
    VLAI
    Summary
    FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    FFRI Security, Inc. FFRI AMC Affected: 3.4.0 to 3.5.3
    Create a notification for this product.
    NEC Corporation FFRI AMC for ActSecure χ Affected: 3.4.0 to 3.5.3
    Create a notification for this product.
    Sky Co., Ltd. EDR Plus Pack Affected: Bundled FFRI AMC versions 3.4.0 to 3.5.3
    Create a notification for this product.
    ffri ffri_amc Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:ffri:ffri_amc:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    skygroup edr_plus_pack Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:skygroup:edr_plus_pack:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    skygroup edr_plus_pack_cloud Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ffri:ffri_amc:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ffri_amc",
                "vendor": "ffri",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:skygroup:edr_plus_pack:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr_plus_pack",
                "vendor": "skygroup",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr_plus_pack_cloud",
                "vendor": "skygroup",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T14:16:27.684515Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T17:31:56.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:39:55.373Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ffri.jp/assets/files/other_docs/20240729.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.support.nec.co.jp/View.aspx?id=3140109694"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/240729_01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN26734798/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FFRI AMC",
              "vendor": "FFRI Security, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.4.0 to 3.5.3"
                }
              ]
            },
            {
              "product": "FFRI AMC for ActSecure \u03c7",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.4.0 to 3.5.3"
                }
              ]
            },
            {
              "product": "EDR Plus Pack",
              "vendor": "Sky Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Bundled FFRI AMC versions 3.4.0 to 3.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-30T08:37:07.607Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ffri.jp/assets/files/other_docs/20240729.pdf"
            },
            {
              "url": "https://www.support.nec.co.jp/View.aspx?id=3140109694"
            },
            {
              "url": "https://www.skyseaclientview.net/news/240729_01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN26734798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-40895",
        "datePublished": "2024-07-30T08:37:07.607Z",
        "dateReserved": "2024-07-12T03:00:58.480Z",
        "dateUpdated": "2024-08-02T04:39:55.373Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2024-000077

    Vulnerability from jvndb - Published: 2024-07-30 16:40 - Updated:2024-07-30 16:40
    Severity
    Summary
    FFRI AMC vulnerable to OS command injection
    Details
    FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure X. FFRI AMC contains an OS command injection vulnerability (CWE-78). It is exploitable when the notification program setting is enabled, the executable file path is configured with a batch file (.bat) or command file (.cmd), and the file is written in a certain style. FFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000077.html",
      "dc:date": "2024-07-30T16:40+09:00",
      "dcterms:issued": "2024-07-30T16:40+09:00",
      "dcterms:modified": "2024-07-30T16:40+09:00",
      "description": "FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure X.\r\nFFRI AMC contains an OS command injection vulnerability (CWE-78).\r\nIt is exploitable when the notification program setting is enabled, the executable file path is configured with a batch file (.bat) or command file (.cmd), and the file is written in a certain style.\r\n\r\nFFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000077.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:ffri:ffri_amc",
          "@product": "FFRI AMC",
          "@vendor": "FFRI Security, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:nec:ffri_amc",
          "@product": "FFRI AMC for ActSecure X",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skygroup:edr_plus_pack",
          "@product": "EDR Pluspack",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "8.1",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000077",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN26734798/index.html",
          "@id": "JVN#26734798",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-40895",
          "@id": "CVE-2024-40895",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "FFRI AMC vulnerable to OS command injection"
    }