1. Home
  2. CVE Database
  3. CVE-2024-39921
HIGH · 7.5

CVE-2024-39921

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF01...

Vulnerability Description

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
FujitsuIpcom Ve2 Ls 100 Firmware>= v01l04nf0001, <= v01l06nf0112
FujitsuIpcom Ve2 Ls 100-
FujitsuIpcom Ve2 Ls 200 Firmware>= v01l04nf0001, <= v01l06nf0112
FujitsuIpcom Ve2 Ls 200-
FujitsuIpcom Ve2 Ls 220 Firmware>= v01l04nf0001, <= v01l06nf0112
FujitsuIpcom Ve2 Ls 220-
FujitsuIpcom Ve2 Ls Plus 100 Firmware>= v01l04nf0001, <= v01l06nf0112
FujitsuIpcom Ve2 Ls Plus 100-
FujitsuIpcom Ve2 Ls Plus 200 Firmware>= v01l04nf0001, <= v01l06nf0112
FujitsuIpcom Ve2 Ls Plus 200-
FujitsuIpcom Ve2 Ls Plus 220 Firmware>= v01l04nf0001, <= v01l06nf0112
FujitsuIpcom Ve2 Ls Plus 220-
FujitsuIpcom Ve2 Ls Plus2 200 Firmware>= v01l04nf0001, <= v01l06nf0112
FujitsuIpcom Ve2 Ls Plus2 200-
FujitsuIpcom Ve2 Ls Plus2 220 Firmware>= v01l04nf0001, <= v01l06nf0112
FujitsuIpcom Ve2 Ls Plus2 220-
FujitsuIpcom Ve2 Sc Plus 100 Firmware>= v01l04nf0001, <= v01l06nf0112
FujitsuIpcom Ve2 Sc Plus 100-
FujitsuIpcom Ve2 Sc Plus 200 Firmware>= v01l04nf0001, <= v01l06nf0112
FujitsuIpcom Ve2 Sc Plus 200-

Related Weaknesses (CWE)

CWE-203

References

FAQ

What is CVE-2024-39921?

CVE-2024-39921 is a vulnerability with a CVSS score of 7.5 (HIGH). Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF01...

How severe is CVE-2024-39921?

CVE-2024-39921 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39921?

Check the references section above for vendor advisories and patch information. Affected products include: Fujitsu Ipcom Ve2 Ls 100 Firmware, Fujitsu Ipcom Ve2 Ls 100, Fujitsu Ipcom Ve2 Ls 200 Firmware, Fujitsu Ipcom Ve2 Ls 200, Fujitsu Ipcom Ve2 Ls 220 Firmware.