CVE-2023-38555

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/vu/JVNVU96643580/	Third Party Advisory
https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:fujitsu:si-r_30b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_30b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:fujitsu:si-r_130b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_130b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:fujitsu:si-r_90brin_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_90brin:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:fujitsu:si-r570b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r570b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:fujitsu:si-r370b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r370b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:fujitsu:si-r220d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r220d:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:fujitsu:si-r_g100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g100:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:fujitsu:si-r_g200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g200:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:fujitsu:si-r_g100b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g100b:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:fujitsu:si-r_g110b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g110b:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:fujitsu:si-r_g200b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g200b:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:fujitsu:si-r_g210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g210:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:fujitsu:si-r_g211_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g211:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:fujitsu:si-r_g120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g120:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:fujitsu:si-r_g121_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g121:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:fujitsu:sr-m_50ap1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sr-m_50ap1:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-26 08:15

Updated : 2023-08-03 15:10

NVD link : CVE-2023-38555

Mitre link : CVE-2023-38555

CVE.ORG link : CVE-2023-38555

JSON object : View

Products Affected

fujitsu

si-r_g200b_firmware
si-r_30b_firmware
si-r_g200b
si-r_g110b
si-r_g121_firmware
si-r_g211
si-r570b_firmware
si-r570b
si-r_g100_firmware
sr-m_50ap1
si-r_g200_firmware
si-r_g210_firmware
si-r_g120_firmware
si-r370b_firmware
si-r_g100b
sr-m_50ap1_firmware
si-r_g100b_firmware
si-r_90brin_firmware
si-r_g210
si-r_130b
si-r_g211_firmware
si-r_g200
si-r220d
si-r_g120
si-r_g100
si-r_130b_firmware
si-r_g121
si-r_90brin
si-r_30b
si-r370b
si-r220d_firmware
si-r_g110b_firmware

CWE

CWE-287

Improper Authentication

8.8 /10