Vulnerability Details : CVE-2023-38433
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900?D / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.
Products affected by CVE-2023-38433
- Fujitsu » Ip-he950e FirmwareVersions from including (>=) v01l001 and up to, including, (<=) v01l053cpe:2.3:o:fujitsu:ip-he950e_firmware:*:*:*:*:*:*:*:*
- Fujitsu » Ip-he950d FirmwareVersions from including (>=) v01l001 and up to, including, (<=) v01l053cpe:2.3:o:fujitsu:ip-he950d_firmware:*:*:*:*:*:*:*:*
- Fujitsu » Ip-he900e FirmwareVersions from including (>=) v01l001 and up to, including, (<=) v01l010cpe:2.3:o:fujitsu:ip-he900e_firmware:*:*:*:*:*:*:*:*
- Fujitsu » Ip-he900d FirmwareVersions from including (>=) v01l001 and up to, including, (<=) v01l004cpe:2.3:o:fujitsu:ip-he900d_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:ip-900e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:ip-920e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:ip-900d_firmware:*:*:*:*:*:*:*:*
- Fujitsu » Ip-900iid FirmwareVersions from including (>=) v01l001 and up to, including, (<=) v02l061cpe:2.3:o:fujitsu:ip-900iid_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:ip-920d_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:ip-90_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:fujitsu:ip-9610_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-38433
0.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-38433
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2023-38433
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-38433
-
https://jvn.jp/en/jp/JVN95727578/
JVN#95727578: Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentialsThird Party Advisory
-
https://www.fujitsu.com/global/products/computing/peripheral/video/download/
Video Products : Fujitsu GlobalProduct
Jump to