CVE-2024-39921 (GCVE-0-2024-39921)

Vulnerability from cvelistv5 – Published: 2024-09-04 01:51 – Updated: 2025-03-13 13:26
VLAI?
Summary
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • Observable timing discrepancy
Assigner
References
Impacted products
Vendor Product Version
Fsas Technologies Inc. IPCOM EX2 Series Affected: V01L02NF0001 to V01L06NF0401
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39921",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T14:16:53.423725Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T13:26:40.037Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IPCOM EX2 Series",
          "vendor": "Fsas Technologies Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "V01L02NF0001 to V01L06NF0401"
            }
          ]
        },
        {
          "product": "IPCOM EX2 Series",
          "vendor": "Fsas Technologies Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "V01L20NF0001 to V01L20NF0401"
            }
          ]
        },
        {
          "product": "IPCOM EX2 Series",
          "vendor": "Fsas Technologies Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "V02L20NF0001 to V02L21NF0301"
            }
          ]
        },
        {
          "product": "IPCOM VE2 Series",
          "vendor": "Fsas Technologies Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "V01L04NF0001 to V01L06NF0112"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Observable timing discrepancy",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-04T01:51:14.241Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN29238389/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-39921",
    "datePublished": "2024-09-04T01:51:14.241Z",
    "dateReserved": "2024-07-03T05:21:05.058Z",
    "dateUpdated": "2025-03-13T13:26:40.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39921\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-04T14:16:53.423725Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-203\", \"description\": \"CWE-203 Observable Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-04T14:17:05.496Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"IPCOM EX2 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"V01L02NF0001 to V01L06NF0401\"}]}, {\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"IPCOM EX2 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"V01L20NF0001 to V01L20NF0401\"}]}, {\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"IPCOM EX2 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"V02L20NF0001 to V02L21NF0301\"}]}, {\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"IPCOM VE2 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"V01L04NF0001 to V01L06NF0112\"}]}], \"references\": [{\"url\": \"https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/\"}, {\"url\": \"https://jvn.jp/en/jp/JVN29238389/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Observable timing discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-09-04T01:51:14.241Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-39921\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-13T13:26:40.037Z\", \"dateReserved\": \"2024-07-03T05:21:05.058Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-09-04T01:51:14.241Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.