CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN29238389/	Mitigation Third Party Advisory
https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_ls_100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_ls_100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_ls_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_ls_200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_ls_220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_ls_220:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_100:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_200:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_220:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus2_200:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus2_220:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_sc_plus_100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_sc_plus_100:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_sc_plus_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_sc_plus_200:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:fujitsu:ipcom_ve2_sc_plus_220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:ipcom_ve2_sc_plus_220:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

OR	cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware::::::::

cpe:2.3:h:fujitsu:ipcom_ex2_in_3200:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

OR	cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware::::::::

cpe:2.3:h:fujitsu:ipcom_ex2_in_3500:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

OR	cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware::::::::

cpe:2.3:h:fujitsu:ipcom_ex2_lb_3200:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

OR	cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware::::::::

cpe:2.3:h:fujitsu:ipcom_ex2_lb_3500:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

OR	cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware::::::::

cpe:2.3:h:fujitsu:ipcom_ex2_sc_3200:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

OR	cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware::::::::

cpe:2.3:h:fujitsu:ipcom_ex2_sc_3500:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

OR	cpe:2.3:o:fujitsu:ipcom_ex2_dc_3200_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_dc_3200_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_dc_3200_firmware::::::::

cpe:2.3:h:fujitsu:ipcom_ex2_dc_3200:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

OR	cpe:2.3:o:fujitsu:ipcom_ex2_dc_3500_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_dc_3500_firmware::::::::
	cpe:2.3:o:fujitsu:ipcom_ex2_dc_3500_firmware::::::::

cpe:2.3:h:fujitsu:ipcom_ex2_dc_3500:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-09-04 03:15

Updated : 2025-03-13 14:15

NVD link : CVE-2024-39921

Mitre link : CVE-2024-39921

CVE.ORG link : CVE-2024-39921

JSON object : View

Products Affected

fujitsu

ipcom_ve2_sc_plus_100_firmware
ipcom_ve2_sc_plus_200
ipcom_ve2_ls_100
ipcom_ve2_ls_plus_100
ipcom_ve2_sc_plus_200_firmware
ipcom_ex2_lb_3500
ipcom_ve2_ls_plus_100_firmware
ipcom_ex2_sc_3500_firmware
ipcom_ex2_sc_3200
ipcom_ex2_sc_3500
ipcom_ve2_ls_plus_200_firmware
ipcom_ve2_ls_100_firmware
ipcom_ve2_ls_200_firmware
ipcom_ve2_sc_plus_220_firmware
ipcom_ve2_ls_200
ipcom_ve2_ls_plus2_220
ipcom_ex2_dc_3500_firmware
ipcom_ex2_in_3200
ipcom_ve2_ls_plus_200
ipcom_ve2_ls_plus2_200_firmware
ipcom_ve2_ls_plus2_200
ipcom_ex2_dc_3500
ipcom_ex2_lb_3200
ipcom_ex2_sc_3200_firmware
ipcom_ve2_ls_plus_220
ipcom_ex2_in_3200_firmware
ipcom_ex2_in_3500
ipcom_ve2_sc_plus_100
ipcom_ve2_ls_plus_220_firmware
ipcom_ve2_ls_220
ipcom_ex2_in_3500_firmware
ipcom_ex2_lb_3500_firmware
ipcom_ex2_dc_3200
ipcom_ve2_sc_plus_220
ipcom_ve2_ls_plus2_220_firmware
ipcom_ex2_lb_3200_firmware
ipcom_ex2_dc_3200_firmware
ipcom_ve2_ls_220_firmware

CWE

CWE-203

Observable Discrepancy

7.5 /10