All the vulnerabilites related to FURUNO SYSTEMS Co.,Ltd. - ACERA 9010-08
cve-2024-28744
Vulnerability from cvelistv5
Published
2024-04-08 00:16
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:furunosystems:acera_9010-08_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acera_9010-08_firmware",
"vendor": "furunosystems",
"versions": [
{
"lessThanOrEqual": "02.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:furunosystems:acera_9010-24_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acera_9010-24_firmware",
"vendor": "furunosystems",
"versions": [
{
"lessThanOrEqual": "02.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28744",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T18:13:16.617613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-258",
"description": "CWE-258 Empty Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T18:16:55.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:58.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.furunosystems.co.jp/news/info/vulner20240401.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99285099/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ACERA 9010-08",
"vendor": "FURUNO SYSTEMS Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware v02.04 and earlier"
}
]
},
{
"product": "ACERA 9010-24",
"vendor": "FURUNO SYSTEMS Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware v02.04 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Empty Password in Configuration File",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T00:16:21.116Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.furunosystems.co.jp/news/info/vulner20240401.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99285099/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-28744",
"datePublished": "2024-04-08T00:16:21.116Z",
"dateReserved": "2024-03-08T05:25:54.146Z",
"dateUpdated": "2024-08-02T00:56:58.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2024-003051
Vulnerability from jvndb
Published
2024-04-02 18:03
Modified
2024-04-02 18:03
Severity ?
Summary
FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password
Details
In the initial configuration of Managed Switch ACERA 9010 provided by FURUNO Systems Co., Ltd., the password is empty (CWE-258) and the remote access service is enabled.
The products are affected only when running in non MS mode with the initial configuration.
FURUNO SYSTEMS Co.,Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU99285099/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-28744 | |
| Empty Password in Configuration File(CWE-258) | https://cwe.mitre.org/data/definitions/258.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003051.html",
"dc:date": "2024-04-02T18:03+09:00",
"dcterms:issued": "2024-04-02T18:03+09:00",
"dcterms:modified": "2024-04-02T18:03+09:00",
"description": "In the initial configuration of Managed Switch ACERA 9010 provided by FURUNO Systems Co., Ltd., the password is empty (CWE-258) and the remote access service is enabled.\r\n\r\nThe products are affected only when running in non MS mode with the initial configuration.\r\n\r\nFURUNO SYSTEMS Co.,Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003051.html",
"sec:cpe": [
{
"#text": "cpe:/o:furunosystems:furuno_systems_acera_9010-08",
"@product": "ACERA 9010-08",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:furuno_systems_acera_9010-24",
"@product": "ACERA 9010-24",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-003051",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99285099/index.html",
"@id": "JVNVU#99285099",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28744",
"@id": "CVE-2024-28744",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/258.html",
"@id": "CWE-258",
"@title": "Empty Password in Configuration File(CWE-258)"
}
],
"title": "FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password"
}