CVE-2023-38433 — HIGH (7.5)

Q: How severe is CVE-2023-38433?

CVE-2023-38433 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-38433?

Check the references section above for vendor advisories and patch information. Affected products include: Fujitsu Ip-He950E Firmware, Fujitsu Ip-He950E, Fujitsu Ip-He950D Firmware, Fujitsu Ip-He950D, Fujitsu Ip-He900E Firmware.

Vulnerability Description

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fujitsu	Ip-He950E Firmware	>= v01l001, <= v01l053
Fujitsu	Ip-He950E	-
Fujitsu	Ip-He950D Firmware	>= v01l001, <= v01l053
Fujitsu	Ip-He950D	-
Fujitsu	Ip-He900E Firmware	>= v01l001, <= v01l010
Fujitsu	Ip-He900E	-
Fujitsu	Ip-He900D Firmware	>= v01l001, <= v01l004
Fujitsu	Ip-He900D	-
Fujitsu	Ip-900E Firmware	>= v01l001, <= v02l061
Fujitsu	Ip-900E	-
Fujitsu	Ip-920E Firmware	>= v01l001, <= v02l061
Fujitsu	Ip-920E	-
Fujitsu	Ip-900D Firmware	>= v01l001, <= v02l061
Fujitsu	Ip-900D	-
Fujitsu	Ip-900Iid Firmware	>= v01l001, <= v02l061
Fujitsu	Ip-900Iid	-
Fujitsu	Ip-920D Firmware	>= v01l001, <= v02l061
Fujitsu	Ip-920D	-
Fujitsu	Ip-90 Firmware	>= v01l001, <= v01l013
Fujitsu	Ip-90	-

Related Weaknesses (CWE)

CWE-798

References

https://jvn.jp/en/jp/JVN95727578/Third Party Advisory
https://www.fujitsu.com/global/products/computing/peripheral/video/download/Product
https://jvn.jp/en/jp/JVN95727578/Third Party Advisory
https://www.fujitsu.com/global/products/computing/peripheral/video/download/Product

FAQ

What is CVE-2023-38433?

CVE-2023-38433 is a vulnerability with a CVSS score of 7.5 (HIGH). Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the...

How severe is CVE-2023-38433?

CVE-2023-38433 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-38433?

Check the references section above for vendor advisories and patch information. Affected products include: Fujitsu Ip-He950E Firmware, Fujitsu Ip-He950E, Fujitsu Ip-He950D Firmware, Fujitsu Ip-He950D, Fujitsu Ip-He900E Firmware.