CVE-2022-43470 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fsi	Fs020w Fs020w Firmware Fs030w Fs030w Firmware Fs040u Fs040u Firmware Fs040w Fs040w Firmware

Configuration 1 [-]

AND

cpe:2.3:o:fsi:fs040u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fsi:fs040u:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:fsi:fs020w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fsi:fs020w:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:fsi:fs030w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fsi:fs030w:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:fsi:fs040w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fsi:fs040w:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN74285622/index.html
https://www.fsi.co.jp/mobile/plusF/news/22102801.html
https://www.fsi.co.jp/mobile/plusF/news/22102802.html
https://www.fsi.co.jp/mobile/plusF/news/22102803.html
https://www.fsi.co.jp/mobile/plusF/news/22102804.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2022-12-05T00:00:00

Updated: 2024-08-03T13:32:59.180Z

Reserved: 2022-10-22T00:00:00

Link: CVE-2022-43470

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-05T04:15:10.240

Modified: 2022-12-06T16:39:26.703

Link: CVE-2022-43470

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43470", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "dateUpdated": "2024-08-03T13:32:59.180Z", "dateReserved": "2022-10-22T00:00:00", "datePublished": "2022-12-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2022-12-05T00:00:00"}, "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed."}], "affected": [{"vendor": "FUJI SOFT INCORPORATED", "product": "+F FS040U, +F FS020W, +F FS030W, and +F FS040W", "versions": [{"version": "+F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier", "status": "affected"}]}], "references": [{"url": "https://www.fsi.co.jp/mobile/plusF/news/22102801.html"}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102802.html"}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102803.html"}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102804.html"}, {"url": "https://jvn.jp/en/jp/JVN74285622/index.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Cross-site request forgery"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.180Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.fsi.co.jp/mobile/plusF/news/22102801.html", "tags": ["x_transferred"]}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102802.html", "tags": ["x_transferred"]}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102803.html", "tags": ["x_transferred"]}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102804.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN74285622/index.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fsi:fs040u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DFAEE23-2050-4A94-87AD-8ADA97881B1F", "versionEndIncluding": "2.3.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fsi:fs040u:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37C2591-BB48-443C-BDA7-5B1B5988AF6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fsi:fs020w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8563F7A-7D71-471F-AC51-5A4F2C2D080E", "versionEndIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fsi:fs020w:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC6EC9BC-6A81-4704-906E-BAE1EA8F6DF5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fsi:fs030w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E91AD140-C4D8-4A80-AF32-C06CF3970CA2", "versionEndIncluding": "3.3.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fsi:fs030w:-:*:*:*:*:*:*:*", "matchCriteriaId": "7428EC5A-079A-4759-BEBB-7F58E7EA4AA8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fsi:fs040w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A73DAD96-1D8A-412F-B248-D61E7F14B84A", "versionEndIncluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fsi:fs040w:-:*:*:*:*:*:*:*", "matchCriteriaId": "37A14440-69FF-4DDB-9FAE-05AFBF00D4EB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en las versiones de software +F FS040U v2.3.4 y anteriores, versiones de software +F FS020W v4.0.0 y anteriores, versiones de software +F FS030W v3.3.5 y anteriores, y versiones de software +F FS040W v1 .4.1 y anteriores permiten que un atacante adyacente se apodere de la autenticaci\u00f3n de un administrador y se puedan realizar operaciones no deseadas del usuario, como reiniciar el producto y/o restablecer la configuraci\u00f3n a la configuraci\u00f3n inicial."}], "id": "CVE-2022-43470", "lastModified": "2022-12-06T16:39:26.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-05T04:15:10.240", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN74285622/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102801.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102802.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102803.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102804.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}