CVE-2023-39341 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2023-39341?

CVE-2023-39341 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-39341?

Check the references section above for vendor advisories and patch information. Affected products include: Ffri Dual Safe, Ffri Ffri Yarai, Soliton Infotrace Mark Ii Malware Protection, Soliton Zerona, Soliton Zerona Plus.

Vulnerability Description

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Ffri	Dual Safe	1.4.1
Ffri	Ffri Yarai	>= 3.4.0, <= 3.4.6
Soliton	Infotrace Mark Ii Malware Protection	>= 3.0.1, <= 3.2.2
Soliton	Zerona	>= 3.2.32, <= 3.2.36
Soliton	Zerona Plus	>= 3.2.32, <= 3.2.36
Nec	Actsecure X Managed Security Service	>= 3.4.0, <= 3.4.6
Skygroup	Edr Plus Pack	>= 3.4.0, <= 3.4.6
Skygroup	Edr Plus Pack Cloud	>= 3.4.0, <= 3.4.6

Related Weaknesses (CWE)

CWE-755

References

https://jvn.jp/en/jp/JVN42527152/Third Party Advisory
https://www.ffri.jp/security-info/index.htmVendor Advisory
https://www.skyseaclientview.net/news/230807_01/Third Party Advisory
https://www.soliton.co.jp/support/zerona_notice_2023.htmlThird Party Advisory
https://www.sourcenext.com/support/i/2023/230718_01Third Party Advisory
https://www.support.nec.co.jp/View.aspx?id=3140109240Permissions Required
https://jvn.jp/en/jp/JVN42527152/Third Party Advisory
https://www.ffri.jp/security-info/index.htmVendor Advisory
https://www.skyseaclientview.net/news/230807_01/Third Party Advisory
https://www.soliton.co.jp/support/zerona_notice_2023.htmlThird Party Advisory
https://www.sourcenext.com/support/i/2023/230718_01Third Party Advisory
https://www.support.nec.co.jp/View.aspx?id=3140109240Permissions Required

FAQ

What is CVE-2023-39341?

CVE-2023-39341 is a vulnerability with a CVSS score of 3.3 (LOW). "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versi...

How severe is CVE-2023-39341?

CVE-2023-39341 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-39341?

Check the references section above for vendor advisories and patch information. Affected products include: Ffri Dual Safe, Ffri Ffri Yarai, Soliton Infotrace Mark Ii Malware Protection, Soliton Zerona, Soliton Zerona Plus.