Decryption of Encrypted Communication through Timing Discrepancy
CVE-2024-39921

7.5HIGH

Key Information:

Vendor: Fsas Technologies Inc.
Status: Ipcom Ex2 Series; Ipcom Ve2 Series
Vendor: CVE Published:; 4 September 2024

🔔 Create Fsas Technologies Inc. Vulnerability Alert

What is CVE-2024-39921?

The vulnerability presents itself as a timing discrepancy issue within Fujitsu's IPCOM EX2 and VE2 Series products. This flaw allows an attacker to exploit the timing discrepancies to potentially decrypt sections of encrypted communications. The affected products range from specific release versions in the IPCOM EX2 Series to particular models within the VE2 Series. This poses a significant risk, as the integrity and confidentiality of transmitted data can be compromised, enabling unauthorized access to sensitive communications.

Affected Version(s)

IPCOM EX2 Series V01L02NF0001 to V01L06NF0401

IPCOM EX2 Series V01L20NF0001 to V01L20NF0401

IPCOM EX2 Series V02L20NF0001 to V02L21NF0301

References

https://www.fujitsu.com/jp/products/network/support/2024/...

https://jvn.jp/en/jp/JVN29238389/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2024
Vulnerability Reserved
Jul 3, 2024

CVE-2024-39921 Data

JSON