CVE-2023-38433 - OpenCVE

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fujitsu	Ip-90 Ip-900d Ip-900d Firmware Ip-900e Ip-900e Firmware Ip-900iid Ip-900iid Firmware Ip-90 Firmware Ip-920d Ip-920d Firmware Ip-920e Ip-920e Firmware Ip-9610 Ip-9610 Firmware Ip-he900d Ip-he900d Firmware Ip-he900e Ip-he900e Firmware Ip-he950d Ip-he950d Firmware Ip-he950e Ip-he950e Firmware

Configuration 1 [-]

AND

cpe:2.3:o:fujitsu:ip-he950e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-he950e:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:fujitsu:ip-he950d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-he950d:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:fujitsu:ip-he900e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-he900e:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:fujitsu:ip-he900d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-he900d:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:fujitsu:ip-900e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-900e:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:fujitsu:ip-920e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-920e:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:fujitsu:ip-900d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-900d:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:fujitsu:ip-900iid_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-900iid:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:fujitsu:ip-920d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-920d:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:fujitsu:ip-90_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-90:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:fujitsu:ip-9610_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ip-9610:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN95727578/
https://www.fujitsu.com/global/products/computing/peripheral/video/download/

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-07-26T07:44:04.302Z

Updated: 2024-08-02T17:39:13.693Z

Reserved: 2023-07-18T00:32:29.582Z

Link: CVE-2023-38433

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-07-26T08:15:10.227

Modified: 2023-11-07T04:17:18.610

Link: CVE-2023-38433

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object