CVE-2023-38555

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38555
Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/vu/JVNVU96643580/ Third Party Advisory
https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:fujitsu:si-r_30b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_30b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:fujitsu:si-r_130b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_130b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:fujitsu:si-r_90brin_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_90brin:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:fujitsu:si-r570b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r570b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:fujitsu:si-r370b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r370b:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:fujitsu:si-r220d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r220d:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g100:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g200:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g100b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g100b:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g110b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g110b:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g200b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g200b:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g210:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g211_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g211:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g120:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:fujitsu:si-r_g121_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g121:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:fujitsu:sr-m_50ap1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sr-m_50ap1:-:*:*:*:*:*:*:*
History

03 Aug 2023, 15:10

Type Values Removed Values Added
CWE CWE-287
CPE cpe:2.3:h:fujitsu:si-r370b:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g100:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_30b:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_130b:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r570b:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_130b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g200b:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:sr-m_50ap1:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_90brin_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g200b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g120:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g110b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:sr-m_50ap1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g211_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g200:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g211:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_30b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g121_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g121:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r_g100b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r220d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r370b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g110b:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g210:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_90brin:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r220d:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:si-r570b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:si-r_g100b:-:*:*:*:*:*:*:*
References (MISC) https://jvn.jp/en/vu/JVNVU96643580/ - (MISC) https://jvn.jp/en/vu/JVNVU96643580/ - Third Party Advisory
References (MISC) https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/ - (MISC) https://www.fujitsu.com/jp/products/network/support/2023/fjlan-01/ - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
First Time Fujitsu si-r G120 Firmware
Fujitsu si-r570b
Fujitsu si-r G210
Fujitsu si-r 90brin
Fujitsu si-r G200b Firmware
Fujitsu si-r570b Firmware
Fujitsu sr-m 50ap1 Firmware
Fujitsu si-r G110b Firmware
Fujitsu si-r 130b
Fujitsu si-r G210 Firmware
Fujitsu si-r G100b Firmware
Fujitsu si-r G120
Fujitsu si-r 130b Firmware
Fujitsu si-r220d
Fujitsu si-r G100
Fujitsu si-r 30b Firmware
Fujitsu si-r370b Firmware
Fujitsu si-r G211
Fujitsu si-r G121 Firmware
Fujitsu si-r G211 Firmware
Fujitsu si-r G200b
Fujitsu si-r G100b
Fujitsu si-r G121
Fujitsu si-r 30b
Fujitsu si-r370b
Fujitsu sr-m 50ap1
Fujitsu si-r220d Firmware
Fujitsu si-r G200
Fujitsu
Fujitsu si-r G100 Firmware
Fujitsu si-r G110b
Fujitsu si-r 90brin Firmware
Fujitsu si-r G200 Firmware

26 Jul 2023, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-26 08:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-38555

Mitre link : CVE-2023-38555

CVE.ORG link : CVE-2023-38555

JSON object : View

Products Affected

fujitsu

  • si-r_g210_firmware
  • si-r_g120
  • si-r220d
  • si-r_g121
  • si-r220d_firmware
  • si-r_g200
  • si-r370b_firmware
  • si-r_g100b
  • si-r_g200b_firmware
  • si-r_g211_firmware
  • si-r_g100b_firmware
  • si-r_30b
  • si-r_g120_firmware
  • si-r570b_firmware
  • si-r_130b
  • sr-m_50ap1
  • si-r_90brin_firmware
  • si-r_g100_firmware
  • sr-m_50ap1_firmware
  • si-r_g200b
  • si-r_30b_firmware
  • si-r_g121_firmware
  • si-r_130b_firmware
  • si-r_g110b_firmware
  • si-r_g211
  • si-r570b
  • si-r_90brin
  • si-r370b
  • si-r_g210
  • si-r_g200_firmware
  • si-r_g100
  • si-r_g110b
CWE
CWE-287

Improper Authentication