Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Fujitsu
  • Network Edgiot Gw1500
  • Network Edgiot Gw1500 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:fujitsu:network_edgiot_gw1500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:network_edgiot_gw1500:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://fenics.fujitsu.com/networkservice/m2m/download/update-m.html cve-icon cve-icon
https://jvn.jp/en/jp/JVN25583987/ cve-icon cve-icon
History

Tue, 10 Sep 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Fujitsu
Fujitsu network Edgiot Gw1500
Fujitsu network Edgiot Gw1500 Firmware
Weaknesses CWE-22
CPEs cpe:2.3:h:fujitsu:network_edgiot_gw1500:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:network_edgiot_gw1500_firmware:*:*:*:*:*:*:*:*
Vendors & Products Fujitsu
Fujitsu network Edgiot Gw1500
Fujitsu network Edgiot Gw1500 Firmware
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-07-17T08:44:44.939Z

Updated: 2024-08-02T04:33:12.034Z

Reserved: 2024-07-08T00:59:01.182Z

Link: CVE-2024-40617

cve-icon Vulnrichment

Updated: 2024-07-25T15:57:02.605Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-17T09:15:03.163

Modified: 2024-09-10T13:45:37.100

Link: CVE-2024-40617

cve-icon Redhat

No data.