CVE-2024-39921

Published: Sep 4, 2024Modified: Mar 13, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.

Affected (35)

Products: Fujitsu: Ipcom Ve2 Ls 100 Firmware, Ipcom Ve2 Ls 200 Firmware, Ipcom Ve2 Ls 220 Firmware, Ipcom Ve2 Ls Plus 100 Firmware, Ipcom Ve2 Ls Plus 200 Firmware, Ipcom Ve2 Ls Plus 220 Firmware, Ipcom Ve2 Ls Plus2 200 Firmware, Ipcom Ve2 Ls Plus2 220 Firmware, Ipcom Ve2 Sc Plus 100 Firmware, Ipcom Ve2 Sc Plus 200 Firmware, Ipcom Ve2 Sc Plus 220 Firmware, Ipcom Ex2 In 3200 Firmware, Ipcom Ex2 In 3500 Firmware, Ipcom Ex2 Lb 3200 Firmware, Ipcom Ex2 Lb 3500 Firmware, Ipcom Ex2 Sc 3200 Firmware, Ipcom Ex2 Sc 3500 Firmware, Ipcom Ex2 Dc 3200 Firmware, Ipcom Ex2 Dc 3500 Firmware

Fujitsu

19 products

Ipcom Ve2 Ls 100 Firmware

Ipcom Ve2 Ls 200 Firmware

Ipcom Ve2 Ls 220 Firmware

Ipcom Ve2 Ls Plus 100 Firmware

Ipcom Ve2 Ls Plus 200 Firmware

Ipcom Ve2 Ls Plus 220 Firmware

Ipcom Ve2 Ls Plus2 200 Firmware

Ipcom Ve2 Ls Plus2 220 Firmware

Ipcom Ve2 Sc Plus 100 Firmware

Ipcom Ve2 Sc Plus 200 Firmware

Ipcom Ve2 Sc Plus 220 Firmware

Ipcom Ex2 In 3200 Firmware

Ipcom Ex2 In 3500 Firmware

Ipcom Ex2 Lb 3200 Firmware

Ipcom Ex2 Lb 3500 Firmware

Ipcom Ex2 Sc 3200 Firmware

Ipcom Ex2 Sc 3500 Firmware

Ipcom Ex2 Dc 3200 Firmware

Ipcom Ex2 Dc 3500 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Ls 100 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Ls 100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Ls 200 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Ls 200	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Ls 220 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Ls 220	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Ls Plus 100 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Ls Plus 100	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Ls Plus 200 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Ls Plus 200	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Ls Plus 220 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Ls Plus 220	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Ls Plus2 200 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Ls Plus2 200	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Ls Plus2 220 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Ls Plus2 220	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Sc Plus 100 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Sc Plus 100	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Sc Plus 200 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Sc Plus 200	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ve2 Sc Plus 220 Firmware	From v01l04nf0001 to v01l06nf0112

Running on/with	Platform Versions
Fujitsu Ipcom Ve2 Sc Plus 220	All versions

Configuration L

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ex2 In 3200 Firmware	From v01l02nf0001 to v01l06nf0401
Fujitsu Ipcom Ex2 In 3200 Firmware	From v01l20nf0001 to v01l20nf0401
Fujitsu Ipcom Ex2 In 3200 Firmware	From v02l20nf0001 to v02l21nf0301

Running on/with	Platform Versions
Fujitsu Ipcom Ex2 In 3200	All versions

Configuration M

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ex2 In 3500 Firmware	From v01l02nf0001 to v01l06nf0401
Fujitsu Ipcom Ex2 In 3500 Firmware	From v01l20nf0001 to v01l20nf0401
Fujitsu Ipcom Ex2 In 3500 Firmware	From v02l20nf0001 to v02l21nf0301

Running on/with	Platform Versions
Fujitsu Ipcom Ex2 In 3500	All versions

Configuration N

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ex2 Lb 3200 Firmware	From v01l02nf0001 to v01l06nf0401
Fujitsu Ipcom Ex2 Lb 3200 Firmware	From v01l20nf0001 to v01l20nf0401
Fujitsu Ipcom Ex2 Lb 3200 Firmware	From v02l20nf0001 to v02l21nf0301

Running on/with	Platform Versions
Fujitsu Ipcom Ex2 Lb 3200	All versions

Configuration O

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ex2 Lb 3500 Firmware	From v01l02nf0001 to v01l06nf0401
Fujitsu Ipcom Ex2 Lb 3500 Firmware	From v01l20nf0001 to v01l20nf0401
Fujitsu Ipcom Ex2 Lb 3500 Firmware	From v02l20nf0001 to v02l21nf0301

Running on/with	Platform Versions
Fujitsu Ipcom Ex2 Lb 3500	All versions

Configuration P

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ex2 Sc 3200 Firmware	From v01l02nf0001 to v01l06nf0401
Fujitsu Ipcom Ex2 Sc 3200 Firmware	From v01l20nf0001 to v01l20nf0401
Fujitsu Ipcom Ex2 Sc 3200 Firmware	From v02l20nf0001 to v02l21nf0301

Running on/with	Platform Versions
Fujitsu Ipcom Ex2 Sc 3200	All versions

Configuration Q

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ex2 Sc 3500 Firmware	From v01l02nf0001 to v01l06nf0401
Fujitsu Ipcom Ex2 Sc 3500 Firmware	From v01l20nf0001 to v01l20nf0401
Fujitsu Ipcom Ex2 Sc 3500 Firmware	From v02l20nf0001 to v02l21nf0301

Running on/with	Platform Versions
Fujitsu Ipcom Ex2 Sc 3500	All versions

Configuration R

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ex2 Dc 3200 Firmware	From v01l02nf0001 to v01l06nf0401
Fujitsu Ipcom Ex2 Dc 3200 Firmware	From v01l20nf0001 to v01l20nf0401
Fujitsu Ipcom Ex2 Dc 3200 Firmware	From v02l20nf0001 to v02l21nf0301

Running on/with	Platform Versions
Fujitsu Ipcom Ex2 Dc 3200	All versions

Configuration S

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fujitsu Ipcom Ex2 Dc 3500 Firmware	From v01l02nf0001 to v01l06nf0401
Fujitsu Ipcom Ex2 Dc 3500 Firmware	From v01l20nf0001 to v01l20nf0401
Fujitsu Ipcom Ex2 Dc 3500 Firmware	From v02l20nf0001 to v02l21nf0301

Running on/with	Platform Versions
Fujitsu Ipcom Ex2 Dc 3500	All versions

Related CWEs

CWE-203

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (2)

https://jvn.jp/en/jp/JVN29238389/

Source: vultures@jpcert.or.jp

MitigationThird Party Advisory

https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/

Source: vultures@jpcert.or.jp

MitigationVendor Advisory

Timeline

No history available yet.