PT-2023-8778 · Fujitsu · Fujitsu Si-R370B

Goroh_Kun +1 · Published 2023-07-26 · Updated 2023-08-03 · CVE-2023-38555

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fujitsu Si-R 30B all versions
Fujitsu Si-R 130B all versions
Fujitsu Si-R 90brin all versions
Fujitsu Si-R570B all versions
Fujitsu Si-R370B all versions
Fujitsu Si-R220D all versions
Fujitsu Si-R G100 versions V02.54 and earlier
Fujitsu Si-R G200 versions V02.54 and earlier
Fujitsu Si-R G100B versions V04.12 and earlier
Fujitsu Si-R G110B versions V04.12 and earlier
Fujitsu Si-R G200B versions V04.12 and earlier
Fujitsu Si-R G210 versions V20.52 and earlier
Fujitsu Si-R G211 versions V20.52 and earlier
Fujitsu Si-R G120 versions V20.52 and earlier
Fujitsu Si-R G121 versions V20.52 and earlier
Fujitsu SR-M 50AP1 all versions

Description

An authentication bypass vulnerability affects Fujitsu network devices in the Si-R series and SR-M series. It allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. The vulnerability stems from weaknesses in the authentication procedure, which a remote attacker can exploit to bypass the authentication process.

Recommendations

For Fujitsu Si-R 30B, update to a version later than the affected ones.
For Fujitsu Si-R 130B, update to a version later than the affected ones.
For Fujitsu Si-R 90brin, update to a version later than the affected ones.
For Fujitsu Si-R570B, update to a version later than the affected ones.
For Fujitsu Si-R370B, update to a version later than the affected ones.
For Fujitsu Si-R220D, update to a version later than the affected ones.
For Fujitsu Si-R G100, update to a version later than V02.54.
For Fujitsu Si-R G200, update to a version later than V02.54.
For Fujitsu Si-R G100B, update to a version later than V04.12.
For Fujitsu Si-R G110B, update to a version later than V04.12.
For Fujitsu Si-R G200B, update to a version later than V04.12.
For Fujitsu Si-R G210, update to a version later than V20.52.
For Fujitsu Si-R G211, update to a version later than V20.52.
For Fujitsu Si-R G120, update to a version later than V20.52.
For Fujitsu Si-R G121, update to a version later than V20.52.
For Fujitsu SR-M 50AP1, update to a version later than the affected ones.

As a temporary workaround, consider restricting access to the vulnerable devices until a patch is available.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2024-01895
CVE-2023-38555

Affected Products

Fujitsu SR-M 50AP1
Fujitsu Si-R 130B
Fujitsu Si-R 30B
Fujitsu Si-R 90brin
Fujitsu Si-R G100
Fujitsu Si-R G110B
Fujitsu Si-R G120
Fujitsu Si-R G121
Fujitsu Si-R G200
Fujitsu Si-R G210
Fujitsu Si-R G211
Fujitsu Si-R220D
Fujitsu Si-R370B
Fujitsu Si-R570B