CVE-2023-38433

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-07-18 CVE Reserved
2023-07-26 CVE Published
2024-08-27 EPSS Updated
2024-10-23 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-798: Use of Hard-coded Credentials

CAPEC

References (2)

URL	Tag	Source
https://jvn.jp/en/jp/JVN95727578	Third Party Advisory
https://www.fujitsu.com/global/products/computing/peripheral/video/download	Product

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Fujitsu Search vendor "Fujitsu"	Ip-he950e Firmware Search vendor "Fujitsu" for product "Ip-he950e Firmware"	>= v01l001 <= v01l053 Search vendor "Fujitsu" for product "Ip-he950e Firmware" and version " >= v01l001 <= v01l053"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-he950e Search vendor "Fujitsu" for product "Ip-he950e"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Ip-he950d Firmware Search vendor "Fujitsu" for product "Ip-he950d Firmware"	>= v01l001 <= v01l053 Search vendor "Fujitsu" for product "Ip-he950d Firmware" and version " >= v01l001 <= v01l053"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-he950d Search vendor "Fujitsu" for product "Ip-he950d"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Ip-he900e Firmware Search vendor "Fujitsu" for product "Ip-he900e Firmware"	>= v01l001 <= v01l010 Search vendor "Fujitsu" for product "Ip-he900e Firmware" and version " >= v01l001 <= v01l010"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-he900e Search vendor "Fujitsu" for product "Ip-he900e"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Ip-he900d Firmware Search vendor "Fujitsu" for product "Ip-he900d Firmware"	>= v01l001 <= v01l004 Search vendor "Fujitsu" for product "Ip-he900d Firmware" and version " >= v01l001 <= v01l004"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-he900d Search vendor "Fujitsu" for product "Ip-he900d"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Ip-900e Firmware Search vendor "Fujitsu" for product "Ip-900e Firmware"	>= v01l001 <= v02l061 Search vendor "Fujitsu" for product "Ip-900e Firmware" and version " >= v01l001 <= v02l061"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-900e Search vendor "Fujitsu" for product "Ip-900e"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Ip-920e Firmware Search vendor "Fujitsu" for product "Ip-920e Firmware"	>= v01l001 <= v02l061 Search vendor "Fujitsu" for product "Ip-920e Firmware" and version " >= v01l001 <= v02l061"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-920e Search vendor "Fujitsu" for product "Ip-920e"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Ip-900d Firmware Search vendor "Fujitsu" for product "Ip-900d Firmware"	>= v01l001 <= v02l061 Search vendor "Fujitsu" for product "Ip-900d Firmware" and version " >= v01l001 <= v02l061"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-900d Search vendor "Fujitsu" for product "Ip-900d"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Ip-900iid Firmware Search vendor "Fujitsu" for product "Ip-900iid Firmware"	>= v01l001 <= v02l061 Search vendor "Fujitsu" for product "Ip-900iid Firmware" and version " >= v01l001 <= v02l061"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-900iid Search vendor "Fujitsu" for product "Ip-900iid"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Ip-920d Firmware Search vendor "Fujitsu" for product "Ip-920d Firmware"	>= v01l001 <= v02l061 Search vendor "Fujitsu" for product "Ip-920d Firmware" and version " >= v01l001 <= v02l061"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-920d Search vendor "Fujitsu" for product "Ip-920d"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Ip-90 Firmware Search vendor "Fujitsu" for product "Ip-90 Firmware"	>= v01l001 <= v01l013 Search vendor "Fujitsu" for product "Ip-90 Firmware" and version " >= v01l001 <= v01l013"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-90 Search vendor "Fujitsu" for product "Ip-90"	-	-	Safe
Fujitsu Search vendor "Fujitsu"	Ip-9610 Firmware Search vendor "Fujitsu" for product "Ip-9610 Firmware"	>= v01l001 <= v02l007 Search vendor "Fujitsu" for product "Ip-9610 Firmware" and version " >= v01l001 <= v02l007"	-	Affected	in	Fujitsu Search vendor "Fujitsu"	Ip-9610 Search vendor "Fujitsu" for product "Ip-9610"	-	-	Safe