CVE-2023-38433

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38433
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900?D / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/jp/JVN95727578/ Third Party Advisory
https://www.fujitsu.com/global/products/computing/peripheral/video/download/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:fujitsu:ip-he950e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he950e:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:fujitsu:ip-he950d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he950d:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:fujitsu:ip-he900e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he900e:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:fujitsu:ip-he900d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he900d:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:fujitsu:ip-900e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-900e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:fujitsu:ip-920e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-920e:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:fujitsu:ip-900d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-900d:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:fujitsu:ip-900iid_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-900iid:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:fujitsu:ip-920d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-920d:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:fujitsu:ip-90_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-90:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:fujitsu:ip-9610_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-9610:-:*:*:*:*:*:*:*
History

03 Aug 2023, 15:03

Type Values Removed Values Added
CPE cpe:2.3:o:fujitsu:ip-900e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-900d:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:ip-he950d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he950d:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:ip-920d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-90:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:ip-he950e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-9610:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he950e:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:ip-900iid_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he900e:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-920e:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:ip-90_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:ip-9610_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:ip-920e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-900iid:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-900e:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-he900d:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:ip-he900e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:ip-he900d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:ip-900d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:ip-920d:-:*:*:*:*:*:*:*
CWE CWE-798
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Fujitsu ip-he900d
Fujitsu ip-90 Firmware
Fujitsu ip-he950e
Fujitsu ip-900iid Firmware
Fujitsu ip-he950d
Fujitsu ip-900e
Fujitsu ip-920d Firmware
Fujitsu ip-920e
Fujitsu ip-90
Fujitsu ip-he900e
Fujitsu ip-he900e Firmware
Fujitsu ip-900d
Fujitsu ip-9610
Fujitsu ip-he900d Firmware
Fujitsu ip-920d
Fujitsu
Fujitsu ip-9610 Firmware
Fujitsu ip-he950d Firmware
Fujitsu ip-900e Firmware
Fujitsu ip-920e Firmware
Fujitsu ip-900iid
Fujitsu ip-900d Firmware
Fujitsu ip-he950e Firmware
References (MISC) https://jvn.jp/en/jp/JVN95727578/ - (MISC) https://jvn.jp/en/jp/JVN95727578/ - Third Party Advisory
References (MISC) https://www.fujitsu.com/global/products/computing/peripheral/video/download/ - (MISC) https://www.fujitsu.com/global/products/computing/peripheral/video/download/ - Product

26 Jul 2023, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-26 08:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-38433

Mitre link : CVE-2023-38433

CVE.ORG link : CVE-2023-38433

JSON object : View

Products Affected

fujitsu

  • ip-he900d_firmware
  • ip-920e
  • ip-900d
  • ip-90_firmware
  • ip-920e_firmware
  • ip-900e_firmware
  • ip-9610_firmware
  • ip-he950e
  • ip-90
  • ip-he900e
  • ip-900iid_firmware
  • ip-920d_firmware
  • ip-he900d
  • ip-he900e_firmware
  • ip-900e
  • ip-he950e_firmware
  • ip-he950d_firmware
  • ip-he950d
  • ip-9610
  • ip-920d
  • ip-900d_firmware
  • ip-900iid
CWE
CWE-798

Use of Hard-coded Credentials