All the vulnerabilites related to FUJITSU - IPCOM VE2 series
jvndb-2022-000030
Vulnerability from jvndb
Published
2022-05-09 15:02
Modified
2024-07-18 16:30
Severity ?
Summary
Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
Details
FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance. Operation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below. * OS command injection in the web console (CWE-78) - CVE-2022-29516 * Buffer overflow in the Command Line Interface (CWE-120) - CVE-2020-10188 FUJITSU LIMITED reported these vulnerabilities to IPA to notify users of its solution through JVN. JPCERT/CC and FUJITSU LIMITED coordinated under the Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000030.html",
  "dc:date": "2024-07-18T16:30+09:00",
  "dcterms:issued": "2022-05-09T15:02+09:00",
  "dcterms:modified": "2024-07-18T16:30+09:00",
  "description": "FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance.\r\nOperation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below.\r\n\r\n  * OS command injection in the web console (CWE-78) - CVE-2022-29516\r\n  * Buffer overflow in the Command Line Interface (CWE-120) - CVE-2020-10188\r\n\r\nFUJITSU LIMITED reported these vulnerabilities to IPA to notify users of its solution through JVN. JPCERT/CC and FUJITSU LIMITED coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000030.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:fujitsu:ipcom_ex",
      "@product": "IPCOM EX series",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:ipcom_ex2",
      "@product": "IPCOM EX2 series",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:ipcom_va2%2fve1",
      "@product": "IPCOM VA2/VE1 series",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:ipcom_ve2",
      "@product": "IPCOM VE2 series",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "10.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "9.8",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000030",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN96561229/index.html",
      "@id": "JVN#96561229",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/vu/JVNVU96424864/index.html",
      "@id": "JVNVU#96424864",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188",
      "@id": "CVE-2020-10188",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29516",
      "@id": "CVE-2022-29516",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-10188",
      "@id": "CVE-2020-10188",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29516",
      "@id": "CVE-2022-29516",
      "@source": "NVD"
    },
    {
      "#text": "https://www.jpcert.or.jp/english/at/2022/at220013.html",
      "@id": "JPCERT-AT-2022-0013",
      "@source": "JPCERT-WR"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM"
}