JVN#25594256
Denial-of-service (DoS) vulnerability in IPCOM WAF function
Overview
The WAF function of IPCOM, provided by Fsas Technologies Inc., contains a denial-of-service (DoS) vulnerability.
Products Affected
- IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier
- IPCOM VE2 Series V01L07NF0201 and earlier
Description
The WAF function of IPCOM, provided by Fsas Technologies Inc., contains a denial-of-service (DoS) vulnerability (CWE-908).
Impact
If the product receives a specially crafted packet sent by an attacker, the system may be rebooted or suspended.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer addressed the vulnerability in the following versions:
- IPCOM EX2 Series (V01L0x Series) V01L07NF0301
- IPCOM VE2 Series V01L07NF0301
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
Fsas Technologies Inc. | Vulnerable | 2024/06/12 | Fsas Technologies Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | | |
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | | |
Scope(S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) | |
Credit
Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2024-36454 |
JVN iPedia | JVNDB-2024-000062 |