Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for IPCOM EX2 Series by Fsas Technologies Inc.

    CVE-2024-39921 (GCVE-0-2024-39921)

    Vulnerability from nvd – Published: 2024-09-04 01:51 – Updated: 2025-03-13 13:26
    VLAI
    Summary
    Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Observable timing discrepancy
    • CWE-203 - Observable Discrepancy
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T14:16:53.423725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T13:26:40.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IPCOM EX2 Series",
              "vendor": "Fsas Technologies Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V01L02NF0001 to V01L06NF0401"
                }
              ]
            },
            {
              "product": "IPCOM EX2 Series",
              "vendor": "Fsas Technologies Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V01L20NF0001 to V01L20NF0401"
                }
              ]
            },
            {
              "product": "IPCOM EX2 Series",
              "vendor": "Fsas Technologies Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V02L20NF0001 to V02L21NF0301"
                }
              ]
            },
            {
              "product": "IPCOM VE2 Series",
              "vendor": "Fsas Technologies Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V01L04NF0001 to V01L06NF0112"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Observable timing discrepancy",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-04T01:51:14.241Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN29238389/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-39921",
        "datePublished": "2024-09-04T01:51:14.241Z",
        "dateReserved": "2024-07-03T05:21:05.058Z",
        "dateUpdated": "2025-03-13T13:26:40.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39921 (GCVE-0-2024-39921)

    Vulnerability from cvelistv5 – Published: 2024-09-04 01:51 – Updated: 2025-03-13 13:26
    VLAI
    Summary
    Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Observable timing discrepancy
    • CWE-203 - Observable Discrepancy
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-04T14:16:53.423725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T13:26:40.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IPCOM EX2 Series",
              "vendor": "Fsas Technologies Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V01L02NF0001 to V01L06NF0401"
                }
              ]
            },
            {
              "product": "IPCOM EX2 Series",
              "vendor": "Fsas Technologies Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V01L20NF0001 to V01L20NF0401"
                }
              ]
            },
            {
              "product": "IPCOM EX2 Series",
              "vendor": "Fsas Technologies Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V02L20NF0001 to V02L21NF0301"
                }
              ]
            },
            {
              "product": "IPCOM VE2 Series",
              "vendor": "Fsas Technologies Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V01L04NF0001 to V01L06NF0112"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Observable timing discrepancy",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-04T01:51:14.241Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN29238389/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-39921",
        "datePublished": "2024-09-04T01:51:14.241Z",
        "dateReserved": "2024-07-03T05:21:05.058Z",
        "dateUpdated": "2025-03-13T13:26:40.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }