CVE-2022-29516

high-risk

Published 2022-05-18

The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.

Do I need to act?

1.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Ipcom Ex2 Nw 1100 Firmware

Ipcom Ex2 Nw 3500 Firmware

Ipcom Ex2 Nw 3200 Firmware

Ipcom Ex2 Sc 1100 Firmware

Ipcom Ex2 Sc 3500 Firmware

Ipcom Ex2 Sc 3200 Firmware

Ipcom Ex2 Lb 1100 Firmware

Ipcom Ex2 Lb 3500 Firmware

Ipcom Ex2 Lb 3200 Firmware

Ipcom Ex2 In 1100 Firmware

Ipcom Ex2 In 3200 Firmware

Ipcom Ex2 In 3500 Firmware

Ipcom Ex2 Dc 3500 Firmware

Ipcom Ex2 Dc 3200 Firmware

Ipcom Ex In 2300 Firmware

Ipcom Ex In 2500 Firmware

Ipcom Ex In 2700 Firmware

Ipcom Ex Lb 1100 Firmware

Ipcom Ex Lb 1300 Firmware

Ipcom Ex Lb 2300 Firmware

Affected Vendors

Fujitsu

References (4)

Third Party Advisory https://jvn.jp/en/jp/JVN96561229/index.html

Vendor Advisory https://www.fujitsu.com/jp/products/network/support/2022/ipcom-01/

Third Party Advisory https://jvn.jp/en/jp/JVN96561229/index.html

Vendor Advisory https://www.fujitsu.com/jp/products/network/support/2022/ipcom-01/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 5/34 · Minimal

Exposure 25/34 · High