CVE-2024-39921 (GCVE-0-2024-39921)

Vulnerability from cvelistv5 – Published: 2024-09-04 01:51 – Updated: 2025-03-13 13:26
VLAI?
Summary
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • Observable timing discrepancy
Assigner
References
Impacted products
Vendor Product Version
Fsas Technologies Inc. IPCOM EX2 Series Affected: V01L02NF0001 to V01L06NF0401
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39921",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T14:16:53.423725Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T13:26:40.037Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IPCOM EX2 Series",
          "vendor": "Fsas Technologies Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "V01L02NF0001 to V01L06NF0401"
            }
          ]
        },
        {
          "product": "IPCOM EX2 Series",
          "vendor": "Fsas Technologies Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "V01L20NF0001 to V01L20NF0401"
            }
          ]
        },
        {
          "product": "IPCOM EX2 Series",
          "vendor": "Fsas Technologies Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "V02L20NF0001 to V02L21NF0301"
            }
          ]
        },
        {
          "product": "IPCOM VE2 Series",
          "vendor": "Fsas Technologies Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "V01L04NF0001 to V01L06NF0112"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Observable timing discrepancy",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-04T01:51:14.241Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN29238389/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-39921",
    "datePublished": "2024-09-04T01:51:14.241Z",
    "dateReserved": "2024-07-03T05:21:05.058Z",
    "dateUpdated": "2025-03-13T13:26:40.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-39921\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-09-04T03:15:03.300\",\"lastModified\":\"2025-03-13T14:15:29.073\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.\"},{\"lang\":\"es\",\"value\":\"Existe un problema de discrepancia de tiempo observable en las series IPCOM EX2 V01L02NF0001 a V01L06NF0401, V01L20NF0001 a V01L20NF0401, V02L20NF0001 a V02L21NF0301 y en las series IPCOM VE2 V01L04NF0001 a V01L06NF0112. Si se explota esta vulnerabilidad, un atacante puede descifrar parte de la comunicaci\u00f3n cifrada y obtener el contenido de la misma.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_ls_100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"F33CCD4D-E55C-4B95-8AB0-32FD36482F14\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_ls_100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC847DF6-0FB4-498F-9E6A-E9277BEFAF8B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_ls_200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"7ACBF242-4C29-4DD2-AD23-BC9356377286\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_ls_200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2672DF0-E57F-4BD6-A1E7-48923F99E488\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_ls_220_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"0FC14544-DF17-4BAD-98E8-64ACEDA96091\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_ls_220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0FEF791-A685-4036-8B65-94D00C344AD5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"522288AD-5175-4F19-BF23-D4EEF1E3CE3F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"239A61B6-1F0B-4B80-91E5-372E0F9D9542\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"C5338A67-DEC0-442F-8C28-9A0BC2906797\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4105E5B6-6E70-4E4A-B339-725CF8EB7DF2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_220_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"58FF3704-C3BF-44BB-9BBA-1BFA242F1503\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C3CB421-17F7-4A57-A64C-2C0ACDF54336\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"D51F4578-7896-4C8D-A5A3-808B8C3C228E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus2_200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93E24C7-5A1F-4CC8-8553-A78DF56DAFFD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_220_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"121F16FA-ADB2-4A14-9001-0A173F01EBA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus2_220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37782E15-4803-4A46-B977-AC8F476EA812\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_sc_plus_100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"B8041853-1E56-43FC-8C00-334C55F4DC42\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_sc_plus_100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F2D40A-0141-45BF-9058-D9EC91826118\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_sc_plus_200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"A96DE914-28DE-4FB9-9E56-0C038818A7CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_sc_plus_200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11684682-AC1F-4270-AEA0-9D1324FE3B9C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ve2_sc_plus_220_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l04nf0001\",\"versionEndIncluding\":\"v01l06nf0112\",\"matchCriteriaId\":\"EF5DCD75-A9C2-4FC8-8E37-CAD58B570445\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ve2_sc_plus_220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"632309EF-EB1A-4349-9A47-633F6FEA6868\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l02nf0001\",\"versionEndIncluding\":\"v01l06nf0401\",\"matchCriteriaId\":\"427446D3-CF6D-47B3-9EB1-42D1499D9169\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l20nf0001\",\"versionEndIncluding\":\"v01l20nf0401\",\"matchCriteriaId\":\"D32779B2-1953-42AA-84CC-9FB8A60D4DCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v02l20nf0001\",\"versionEndIncluding\":\"v02l21nf0301\",\"matchCriteriaId\":\"850AF6C2-1B57-40F4-8DE5-7BA678940FAF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ex2_in_3200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"749541B1-9447-41DB-B507-3C25923C8056\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l02nf0001\",\"versionEndIncluding\":\"v01l06nf0401\",\"matchCriteriaId\":\"6834BE51-4F83-47D7-9078-55CE715DB9E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l20nf0001\",\"versionEndIncluding\":\"v01l20nf0401\",\"matchCriteriaId\":\"9335DA00-53AD-4FA6-A105-C544B0A7F5C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v02l20nf0001\",\"versionEndIncluding\":\"v02l21nf0301\",\"matchCriteriaId\":\"26FFBA82-8A98-4791-9D29-6BD4D01D43FF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ex2_in_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"038815A3-3810-408E-B89B-80C5E47272D9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l02nf0001\",\"versionEndIncluding\":\"v01l06nf0401\",\"matchCriteriaId\":\"684511EB-FCF1-46C7-8AFF-829C4E1F0306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l20nf0001\",\"versionEndIncluding\":\"v01l20nf0401\",\"matchCriteriaId\":\"21AF154C-6572-41E5-A4F1-A70DB59C78C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v02l20nf0001\",\"versionEndIncluding\":\"v02l21nf0301\",\"matchCriteriaId\":\"521D2E3B-3624-47D4-A93F-5386859AD256\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ex2_lb_3200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"724D4C66-A53A-4293-8BF8-41136A3FC96B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l02nf0001\",\"versionEndIncluding\":\"v01l06nf0401\",\"matchCriteriaId\":\"3172D936-A418-4329-9FC6-E2152BE7CB90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l20nf0001\",\"versionEndIncluding\":\"v01l20nf0401\",\"matchCriteriaId\":\"A3CBC251-E0FC-4ECF-A6B2-DE9A28F63E96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v02l20nf0001\",\"versionEndIncluding\":\"v02l21nf0301\",\"matchCriteriaId\":\"7AC3CFF0-9A53-4334-9C24-6CE64FB1E108\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ex2_lb_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26AEF78E-78D6-4668-A3EC-85A700B561AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l02nf0001\",\"versionEndIncluding\":\"v01l06nf0401\",\"matchCriteriaId\":\"ADDB8FD1-7252-4A53-A139-E810E04D8644\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l20nf0001\",\"versionEndIncluding\":\"v01l20nf0401\",\"matchCriteriaId\":\"471F87B1-067B-48CF-934E-14B8B5448B09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v02l20nf0001\",\"versionEndIncluding\":\"v02l21nf0301\",\"matchCriteriaId\":\"96163B7D-834F-4FDF-8337-3016E0CB5550\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ex2_sc_3200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D42386DF-D819-4101-BB4A-3C4A905947E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l02nf0001\",\"versionEndIncluding\":\"v01l06nf0401\",\"matchCriteriaId\":\"8CE628AE-749E-43B9-99EF-22F431A57115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l20nf0001\",\"versionEndIncluding\":\"v01l20nf0401\",\"matchCriteriaId\":\"20993B20-3FCA-49CC-930A-73178A52D369\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v02l20nf0001\",\"versionEndIncluding\":\"v02l21nf0301\",\"matchCriteriaId\":\"DE3E90AD-253B-4A68-A1A3-B07E6DE57B81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ex2_sc_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A70AEB89-7AB9-4B42-A97B-380E8D9245DB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_dc_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l02nf0001\",\"versionEndIncluding\":\"v01l06nf0401\",\"matchCriteriaId\":\"5FD20DCA-7300-476A-A67E-36E97FE675BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_dc_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l20nf0001\",\"versionEndIncluding\":\"v01l20nf0401\",\"matchCriteriaId\":\"F5E9AA9B-800A-43B2-88CB-96199BBE81B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_dc_3200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v02l20nf0001\",\"versionEndIncluding\":\"v02l21nf0301\",\"matchCriteriaId\":\"CDB984FA-37A6-4233-8508-B9F774CEFDB5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ex2_dc_3200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AD94E19-5A80-4752-A70C-88DB73696DAA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_dc_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l02nf0001\",\"versionEndIncluding\":\"v01l06nf0401\",\"matchCriteriaId\":\"88A97F3B-7521-44FB-AAC9-406397D4C5E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_dc_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v01l20nf0001\",\"versionEndIncluding\":\"v01l20nf0401\",\"matchCriteriaId\":\"1A5C21EC-F232-4CF9-A6E8-C391D8DD9F54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:ipcom_ex2_dc_3500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"v02l20nf0001\",\"versionEndIncluding\":\"v02l21nf0301\",\"matchCriteriaId\":\"9BB3AE73-5A32-43E9-AF3F-BE1B971AA031\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:ipcom_ex2_dc_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D9BC4CF-A11A-4681-AFFD-E4574A02F0C0\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN29238389/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39921\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-04T14:16:53.423725Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-203\", \"description\": \"CWE-203 Observable Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-04T14:17:05.496Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"IPCOM EX2 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"V01L02NF0001 to V01L06NF0401\"}]}, {\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"IPCOM EX2 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"V01L20NF0001 to V01L20NF0401\"}]}, {\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"IPCOM EX2 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"V02L20NF0001 to V02L21NF0301\"}]}, {\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"IPCOM VE2 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"V01L04NF0001 to V01L06NF0112\"}]}], \"references\": [{\"url\": \"https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/\"}, {\"url\": \"https://jvn.jp/en/jp/JVN29238389/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Observable timing discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-09-04T01:51:14.241Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-39921\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-13T13:26:40.037Z\", \"dateReserved\": \"2024-07-03T05:21:05.058Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-09-04T01:51:14.241Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.