CVE-2024-40617
moderate-risk
Published 2024-07-17
Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked.
Do I need to act?
!
17.0% chance of exploitation in next 30 days
EPSS score — higher than 83% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Permissions Required
https://fenics.fujitsu.com/networkservice/m2m/download/update-m.html
Third Party Advisory
https://jvn.jp/en/jp/JVN25583987/
Permissions Required
https://fenics.fujitsu.com/networkservice/m2m/download/update-m.html
Third Party Advisory
https://jvn.jp/en/jp/JVN25583987/
42
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
13/34 · Low
Exposure
5/34 · Minimal