CVE-2024-39921

HIGH

Fujitsu Ipcom Ve2 LS 100 Firmware - Information Disclosure

Title source: rule

Description

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.

References (2)

[Mitigation, Third Party Advisory] https://jvn.jp/en/jp/JVN29238389/

[Mitigation, Vendor Advisory] https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/

Scores

CVSS v3 7.5

EPSS 0.0040

EPSS Percentile 60.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-203

Status published

Products (19)

fujitsu/ipcom_ex2_dc_3200_firmware v01l02nf0001 - v01l06nf0401

fujitsu/ipcom_ex2_dc_3500_firmware v01l02nf0001 - v01l06nf0401

fujitsu/ipcom_ex2_in_3200_firmware v01l02nf0001 - v01l06nf0401

fujitsu/ipcom_ex2_in_3500_firmware v01l02nf0001 - v01l06nf0401

fujitsu/ipcom_ex2_lb_3200_firmware v01l02nf0001 - v01l06nf0401

fujitsu/ipcom_ex2_lb_3500_firmware v01l02nf0001 - v01l06nf0401

fujitsu/ipcom_ex2_sc_3200_firmware v01l02nf0001 - v01l06nf0401

fujitsu/ipcom_ex2_sc_3500_firmware v01l02nf0001 - v01l06nf0401

fujitsu/ipcom_ve2_ls_100_firmware v01l04nf0001 - v01l06nf0112

fujitsu/ipcom_ve2_ls_200_firmware v01l04nf0001 - v01l06nf0112

... and 9 more

Published Sep 04, 2024

Tracked Since Feb 18, 2026