All the vulnerabilites related to FUJITSU - IPCOM EX2 series
jvndb-2022-000030
Vulnerability from jvndb
Published
2022-05-09 15:02
Modified
2024-07-18 16:30
Severity ?
Summary
Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
Details
FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance.
Operation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below.
* OS command injection in the web console (CWE-78) - CVE-2022-29516
* Buffer overflow in the Command Line Interface (CWE-120) - CVE-2020-10188
FUJITSU LIMITED reported these vulnerabilities to IPA to notify users of its solution through JVN. JPCERT/CC and FUJITSU LIMITED coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000030.html",
"dc:date": "2024-07-18T16:30+09:00",
"dcterms:issued": "2022-05-09T15:02+09:00",
"dcterms:modified": "2024-07-18T16:30+09:00",
"description": "FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance.\r\nOperation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below.\r\n\r\n * OS command injection in the web console (CWE-78) - CVE-2022-29516\r\n * Buffer overflow in the Command Line Interface (CWE-120) - CVE-2020-10188\r\n\r\nFUJITSU LIMITED reported these vulnerabilities to IPA to notify users of its solution through JVN. JPCERT/CC and FUJITSU LIMITED coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000030.html",
"sec:cpe": [
{
"#text": "cpe:/a:fujitsu:ipcom_ex",
"@product": "IPCOM EX series",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:ipcom_ex2",
"@product": "IPCOM EX2 series",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:ipcom_va2%2fve1",
"@product": "IPCOM VA2/VE1 series",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:ipcom_ve2",
"@product": "IPCOM VE2 series",
"@vendor": "FUJITSU",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000030",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN96561229/index.html",
"@id": "JVN#96561229",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/vu/JVNVU96424864/index.html",
"@id": "JVNVU#96424864",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188",
"@id": "CVE-2020-10188",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-29516",
"@id": "CVE-2022-29516",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-10188",
"@id": "CVE-2020-10188",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29516",
"@id": "CVE-2022-29516",
"@source": "NVD"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2022/at220013.html",
"@id": "JPCERT-AT-2022-0013",
"@source": "JPCERT-WR"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM"
}