{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-38433","assignerOrgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","state":"PUBLISHED","assignerShortName":"jpcert","dateReserved":"2023-07-18T00:32:29.582Z","datePublished":"2023-07-26T07:44:04.302Z","dateUpdated":"2024-10-23T14:50:47.908Z"},"containers":{"cna":{"affected":[{"vendor":"Fujitsu Limited ","product":"IP-HE950E","versions":[{"version":"firmware versions V01L001 to V01L053","status":"affected"}]},{"vendor":"Fujitsu Limited ","product":"IP-HE950D","versions":[{"version":"firmware versions V01L001 to V01L053","status":"affected"}]},{"vendor":"Fujitsu Limited ","product":"IP-HE900E","versions":[{"version":"firmware versions V01L001 to V01L010","status":"affected"}]},{"vendor":"Fujitsu Limited ","product":"IP-HE900D","versions":[{"version":"firmware versions V01L001 to V01L004","status":"affected"}]},{"vendor":"Fujitsu Limited ","product":"IP-900E / IP-920E","versions":[{"version":"firmware versions V01L001 to V02L061","status":"affected"}]},{"vendor":"Fujitsu Limited ","product":"IP-900D / IP-900ⅡD / IP-920D","versions":[{"version":"firmware versions V01L001 to V02L061","status":"affected"}]},{"vendor":"Fujitsu Limited ","product":"IP-90","versions":[{"version":"firmware versions V01L001 to V01L013","status":"affected"}]},{"vendor":"Fujitsu Limited ","product":"IP-9610","versions":[{"version":"firmware versions V01L001 to V02L007","status":"affected"}]}],"descriptions":[{"lang":"en","value":"Fujitsu Real-time Video Transmission Gear \"IP series\" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900ⅡD / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007."}],"problemTypes":[{"descriptions":[{"description":"Use of Hard-coded Credentials","lang":"en","type":"text"}]}],"references":[{"url":"https://www.fujitsu.com/global/products/computing/peripheral/video/download/"},{"url":"https://jvn.jp/en/jp/JVN95727578/"}],"providerMetadata":{"orgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","shortName":"jpcert","dateUpdated":"2023-07-26T07:44:04.302Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T17:39:13.693Z"},"title":"CVE Program Container","references":[{"url":"https://www.fujitsu.com/global/products/computing/peripheral/video/download/","tags":["x_transferred"]},{"url":"https://jvn.jp/en/jp/JVN95727578/","tags":["x_transferred"]}]},{"affected":[{"vendor":"fujitsu","product":"ip-he950e","cpes":["cpe:2.3:h:fujitsu:ip-he950e:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"V01L001","status":"affected","lessThanOrEqual":"V01L053","versionType":"custom"}]},{"vendor":"fujitsu","product":"ip-he950d_firmware","cpes":["cpe:2.3:o:fujitsu:ip-he950d_firmware:v01l001:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"v01l001","status":"affected","lessThanOrEqual":"V01L053","versionType":"custom"}]},{"vendor":"fujitsu","product":"ip-he900e_firmware","cpes":["cpe:2.3:o:fujitsu:ip-he900e_firmware:v01l001:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"v01l001","status":"affected","lessThanOrEqual":"V01L010","versionType":"custom"}]},{"vendor":"fujitsu","product":"ip-he900d_firmware","cpes":["cpe:2.3:o:fujitsu:ip-he900d_firmware:v01l001:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"v01l001","status":"affected","lessThanOrEqual":"V01L004","versionType":"custom"}]},{"vendor":"fujitsu","product":"ip-900e_firmware","cpes":["cpe:2.3:o:fujitsu:ip-900e_firmware:v01l001:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"v01l001","status":"affected","lessThanOrEqual":"V02L061","versionType":"custom"}]},{"vendor":"fujitsu","product":"ip-920e_firmware","cpes":["cpe:2.3:o:fujitsu:ip-920e_firmware:v01l001:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"v01l001","status":"affected","lessThanOrEqual":"V02L061","versionType":"custom"}]},{"vendor":"fujitsu","product":"ip-900d_firmware","cpes":["cpe:2.3:o:fujitsu:ip-900d_firmware:v01l001:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"v01l001","status":"affected","lessThanOrEqual":"V02L061","versionType":"custom"}]},{"vendor":"fujitsu","product":"ip-900iid_firmware","cpes":["cpe:2.3:o:fujitsu:ip-900iid_firmware:v01l001:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"v01l001","status":"affected","lessThanOrEqual":"V02L061","versionType":"custom"}]},{"vendor":"fujitsu","product":"ip-920d_firmware","cpes":["cpe:2.3:o:fujitsu:ip-920d_firmware:v01l001:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"v01l001","status":"affected","lessThanOrEqual":"V02L061","versionType":"custom"}]},{"vendor":"fujitsu","product":"ip-90","cpes":["cpe:2.3:o:fujitsu:ip-90:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"V01L001","status":"affected","lessThanOrEqual":"V01L013","versionType":"custom"}]},{"vendor":"fujitsu","product":"ip-9610_firmware","cpes":["cpe:2.3:o:fujitsu:ip-9610_firmware:v01l001:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"v01l001","status":"affected","lessThanOrEqual":"V02L007","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:27:21.919772Z","id":"CVE-2023-38433","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-23T14:50:47.908Z"}}]}}