CVE-2023-38555 - OpenCVE

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fujitsu	Si-r220d Si-r220d Firmware Si-r370b Si-r370b Firmware Si-r570b Si-r570b Firmware Si-r 130b Si-r 130b Firmware Si-r 30b Si-r 30b Firmware Si-r 90brin Si-r 90brin Firmware Si-r G100 Si-r G100 Firmware Si-r G100b Si-r G100b Firmware Si-r G110b Si-r G110b Firmware Si-r G120 Si-r G120 Firmware Si-r G121 Si-r G121 Firmware Si-r G200 Si-r G200 Firmware Si-r G200b Si-r G200b Firmware Si-r G210 Si-r G210 Firmware Si-r G211 Si-r G211 Firmware Sr-m 50ap1 Sr-m 50ap1 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:fujitsu:si-r_30b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_30b:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:fujitsu:si-r_130b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_130b:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:fujitsu:si-r_90brin_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_90brin:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:fujitsu:si-r570b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r570b:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:fujitsu:si-r370b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r370b:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:fujitsu:si-r220d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r220d:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:fujitsu:si-r_g100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g100:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:fujitsu:si-r_g200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g200:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:fujitsu:si-r_g100b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g100b:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:fujitsu:si-r_g110b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g110b:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:fujitsu:si-r_g200b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g200b:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:fujitsu:si-r_g210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g210:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:fujitsu:si-r_g211_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g211:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:fujitsu:si-r_g120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g120:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:fujitsu:si-r_g121_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:si-r_g121:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:fujitsu:sr-m_50ap1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:sr-m_50ap1:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU96643580/
https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-07-26T07:43:21.819Z

Updated: 2024-08-02T17:46:56.080Z

Reserved: 2023-07-20T04:38:59.286Z

Link: CVE-2023-38555

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-26T08:15:10.317

Modified: 2023-08-03T15:10:44.193

Link: CVE-2023-38555

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object