jvndb-2022-000030
Vulnerability from jvndb
Published
2022-05-09 15:02
Modified
2024-07-18 16:30
Severity ?
Summary
Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
Details
FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance.
Operation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below.
* OS command injection in the web console (CWE-78) - CVE-2022-29516
* Buffer overflow in the Command Line Interface (CWE-120) - CVE-2020-10188
FUJITSU LIMITED reported these vulnerabilities to IPA to notify users of its solution through JVN. JPCERT/CC and FUJITSU LIMITED coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000030.html", "dc:date": "2024-07-18T16:30+09:00", "dcterms:issued": "2022-05-09T15:02+09:00", "dcterms:modified": "2024-07-18T16:30+09:00", "description": "FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance.\r\nOperation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below.\r\n\r\n * OS command injection in the web console (CWE-78) - CVE-2022-29516\r\n * Buffer overflow in the Command Line Interface (CWE-120) - CVE-2020-10188\r\n\r\nFUJITSU LIMITED reported these vulnerabilities to IPA to notify users of its solution through JVN. JPCERT/CC and FUJITSU LIMITED coordinated under the Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000030.html", "sec:cpe": [ { "#text": "cpe:/a:fujitsu:ipcom_ex", "@product": "IPCOM EX series", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:ipcom_ex2", "@product": "IPCOM EX2 series", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:ipcom_va2%2fve1", "@product": "IPCOM VA2/VE1 series", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:ipcom_ve2", "@product": "IPCOM VE2 series", "@vendor": "FUJITSU", "@version": "2.2" } ], "sec:cvss": [ { "@score": "10.0", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "@version": "2.0" }, { "@score": "9.8", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2022-000030", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN96561229/index.html", "@id": "JVN#96561229", "@source": "JVN" }, { "#text": "https://jvn.jp/vu/JVNVU96424864/index.html", "@id": "JVNVU#96424864", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2020-10188", "@id": "CVE-2020-10188", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29516", "@id": "CVE-2022-29516", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-10188", "@id": "CVE-2020-10188", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29516", "@id": "CVE-2022-29516", "@source": "NVD" }, { "#text": "https://www.jpcert.or.jp/english/at/2022/at220013.html", "@id": "JPCERT-AT-2022-0013", "@source": "JPCERT-WR" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-119", "@title": "Buffer Errors(CWE-119)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" } ], "title": "Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.