CVE-2024-40617

Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:fujitsu:network_edgiot_gw1500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:network_edgiot_gw1500:-:*:*:*:*:*:*:*

History

10 Sep 2024, 13:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
First Time Fujitsu
Fujitsu network Edgiot Gw1500
Fujitsu network Edgiot Gw1500 Firmware
Summary
  • (es) Existe una vulnerabilidad de path traversal en FUJITSU Network Edgiot GW1500 (M2M-GW para FENICS). Si un atacante remoto autenticado con privilegios de clase de usuario envía una solicitud especialmente manipulada al producto afectado, se puede acceder a archivos restringidos que contienen información confidencial. Como resultado, se pueden secuestrar los privilegios de clase de administrador del producto.
CWE CWE-22
References () https://fenics.fujitsu.com/networkservice/m2m/download/update-m.html - () https://fenics.fujitsu.com/networkservice/m2m/download/update-m.html - Permissions Required
References () https://jvn.jp/en/jp/JVN25583987/ - () https://jvn.jp/en/jp/JVN25583987/ - Third Party Advisory
CPE cpe:2.3:o:fujitsu:network_edgiot_gw1500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:network_edgiot_gw1500:-:*:*:*:*:*:*:*

17 Jul 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-17 09:15

Updated : 2024-10-29 20:35


NVD link : CVE-2024-40617

Mitre link : CVE-2024-40617

CVE.ORG link : CVE-2024-40617


JSON object : View

Products Affected

fujitsu

  • network_edgiot_gw1500
  • network_edgiot_gw1500_firmware
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')