CVE-2024-39921

moderate-risk

Published 2024-09-04

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.

Do I need to act?

0.40% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (19)

Ipcom Ve2 Ls 100 Firmware

Ipcom Ve2 Ls 200 Firmware

Ipcom Ve2 Ls 220 Firmware

Ipcom Ve2 Ls Plus 100 Firmware

Ipcom Ve2 Ls Plus 200 Firmware

Ipcom Ve2 Ls Plus 220 Firmware

Ipcom Ve2 Ls Plus2 200 Firmware

Ipcom Ve2 Ls Plus2 220 Firmware

Ipcom Ve2 Sc Plus 100 Firmware

Ipcom Ve2 Sc Plus 200 Firmware

Ipcom Ve2 Sc Plus 220 Firmware

Ipcom Ex2 In 3200 Firmware

Ipcom Ex2 In 3500 Firmware

Ipcom Ex2 Lb 3200 Firmware

Ipcom Ex2 Lb 3500 Firmware

Ipcom Ex2 Sc 3200 Firmware

Ipcom Ex2 Sc 3500 Firmware

Ipcom Ex2 Dc 3200 Firmware

Ipcom Ex2 Dc 3500 Firmware

Affected Vendors

Fujitsu

References (2)

Mitigation https://jvn.jp/en/jp/JVN29238389/

Mitigation https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 19/34 · Moderate