CVE-2023-38555

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38555
Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/vu/JVNVU96643580/ Third Party Advisory
https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:fujitsu:si-r_30b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_30b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:fujitsu:si-r_130b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_130b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:fujitsu:si-r_90brin_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_90brin:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:fujitsu:si-r570b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r570b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:fujitsu:si-r370b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r370b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:fujitsu:si-r220d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r220d:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g100:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g200:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g100b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g100b:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g110b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g110b:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g200b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g200b:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g210:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g211_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g211:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g120:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g121_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g121:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:fujitsu:sr-m_50ap1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sr-m_50ap1:-:*:*:*:*:*:*:*
History

03 Aug 2023, 15:10

Type Values Removed Values Added
CWE CWE-287
References (MISC) https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/ - (MISC) https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/ - Vendor Advisory
References (MISC) https://jvn.jp/en/vu/JVNVU96643580/ - (MISC) https://jvn.jp/en/vu/JVNVU96643580/ - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
First Time Fujitsu si-r220d
Fujitsu si-r G120 Firmware
Fujitsu
Fujitsu si-r G200b Firmware
Fujitsu si-r G200b
Fujitsu si-r 30b
Fujitsu si-r G200 Firmware
Fujitsu sr-m 50ap1 Firmware
Fujitsu si-r G100b Firmware
Fujitsu si-r G210 Firmware
Fujitsu si-r570b Firmware
Fujitsu si-r 30b Firmware
Fujitsu si-r 90brin Firmware
Fujitsu si-r 130b Firmware
Fujitsu sr-m 50ap1
Fujitsu si-r370b
Fujitsu si-r 130b
Fujitsu si-r G211
Fujitsu si-r220d Firmware
Fujitsu si-r G200
Fujitsu si-r G100 Firmware
Fujitsu si-r G211 Firmware
Fujitsu si-r G121 Firmware
Fujitsu si-r 90brin
Fujitsu si-r G110b
Fujitsu si-r G100
Fujitsu si-r G110b Firmware
Fujitsu si-r570b
Fujitsu si-r370b Firmware
Fujitsu si-r G210
Fujitsu si-r G100b
Fujitsu si-r G121
Fujitsu si-r G120
CPE cpe:2.3:o:fujitsu:si-r_g200b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g121:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g120:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g100:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g110b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:sr-m_50ap1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g100b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_30b:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g210:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g110b:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_90brin_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r570b:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g211:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r220d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_30b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r370b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r370b:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r220d:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_90brin:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g200:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g121_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r570b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g211_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sr-m_50ap1:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_130b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g200b:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g100b:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_130b:-:*:*:*:*:*:*:*

26 Jul 2023, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-26 08:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-38555

Mitre link : CVE-2023-38555

CVE.ORG link : CVE-2023-38555

JSON object : View

Products Affected

fujitsu

  • si-r_g200_firmware
  • si-r_30b_firmware
  • si-r_g110b
  • si-r_g120
  • si-r370b
  • si-r_g100
  • si-r220d_firmware
  • si-r_130b
  • si-r_g200b
  • si-r_g100b
  • si-r570b
  • si-r_g200
  • si-r_g211
  • si-r_30b
  • si-r220d
  • si-r_g100b_firmware
  • si-r370b_firmware
  • si-r_g200b_firmware
  • si-r_g211_firmware
  • si-r_g210
  • si-r_g210_firmware
  • si-r_g100_firmware
  • si-r_90brin
  • si-r_g120_firmware
  • si-r_90brin_firmware
  • si-r_g121_firmware
  • si-r570b_firmware
  • si-r_g110b_firmware
  • si-r_g121
  • sr-m_50ap1
  • si-r_130b_firmware
  • sr-m_50ap1_firmware
CWE
CWE-287

Improper Authentication


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024