Authentication Bypass Vulnerability in Fujitsu Network Devices Si-R and SR-M Series
CVE-2023-38555

8.8HIGH

Key Information:

Vendor: Fujitsu Limited
Status: Si-r 30b; Si-r 130b; Si-r 90brin; Si-r570b
Vendor: CVE Published:; 26 July 2023

🔔 Create Fujitsu Limited Vulnerability Alert

What is CVE-2023-38555?

An authentication bypass vulnerability has been identified in Fujitsu's Si-R and SR-M series network devices, which permits network-adjacent unauthenticated attackers to gain unauthorized access to these devices. By exploiting this flaw, attackers can obtain, alter, or reset sensitive configuration settings, potentially compromising the integrity and functionality of the affected devices. The impacted products include various models across the Si-R and SR-M series, making it essential for users to apply patches or mitigations provided by Fujitsu to secure their network infrastructure.

Affected Version(s)

Si-R 130B All versions

Si-R 30B All versions

Si-R 90brin All versions

References

https://www.fujitsu.com/jp/products/network/support/2023/...

https://jvn.jp/en/vu/JVNVU96643580/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2023
Vulnerability Reserved
Jul 20, 2023

JSON