Headline
CVE-2022-29516: Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.
Published:2022/05/09 Last Updated:2022/05/09
Overview
Operation management interface of FUJITSU Network IPCOM provided by FUJITSU LIMITED contains multiple vulnerabilities.
Products Affected
- IPCOM EX2 series
- IPCOM EX series
- IPCOM VE2 series
- IPCOM VA2/VE1 series
Description
FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance.
Operation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below.
OS command injection in the web console (CWE-78) - CVE-2022-29516
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 9.8
CVSS v2
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score: 10.0
Buffer overflow in the Command Line Interface (CWE-120) - CVE-2020-10188
The product uses previous versions of netkit-telnet which contains a known vulnerability.CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 9.8
CVSS v2
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score: 10.0
Impact
- A remote attacker may execute an arbitrary OS command.
- A remote attacker may obtain and/or alter sensitive information.
- A remote attackerr may be able to cause a denial-of-service (DoS).
Solution
Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.
These vulnerabilities have been already addressed in the following firmware versions.
- IPCOM EX2 V01L05 NF0501
- IPCOM EX E20L33 NF1101
Apply the Workaround
Apply one of the following workarounds to prevent unauthorized access from other than authorized Operation management terminal:
- Prepare a dedicated network to deploy Operation management interface and allow access to the Operation management interface only from the network
- Set individual permissions for Operation management terminal
For more information, refer to the information provided by the developer. (Text in Japanese)
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
FUJITSU LIMITED reported these vulnerabilities to IPA to notify users of its solution through JVN. JPCERT/CC and FUJITSU LIMITED coordinated under the Information Security Early Warning Partnership.
Other Information
Update History
2022/05/09
Information under the section [Other Information] was updated.
Related news
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CV...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.