CVE-2023-38555

moderate-risk

Published 2023-07-26

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (16)

Si-R 30B Firmware

Si-R 130B Firmware

Si-R 90Brin Firmware

Si-R570B Firmware

Si-R370B Firmware

Si-R220D Firmware

Si-R G100 Firmware

Si-R G200 Firmware

Si-R G100B Firmware

Si-R G110B Firmware

Si-R G200B Firmware

Si-R G210 Firmware

Si-R G211 Firmware

Si-R G120 Firmware

Si-R G121 Firmware

Sr-M 50Ap1 Firmware

Affected Vendors

Fujitsu

References (4)

Third Party Advisory https://jvn.jp/en/vu/JVNVU96643580/

Vendor Advisory https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/

Third Party Advisory https://jvn.jp/en/vu/JVNVU96643580/

Vendor Advisory https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/

/ 100

moderate-risk

Severity 27/34 · High

Exploitability 0/34 · Minimal

Exposure 18/34 · Moderate