2023-08-09 04:00:45 +00:00
{
"id" : "CVE-2023-39341" ,
"sourceIdentifier" : "vultures@jpcert.or.jp" ,
"published" : "2023-08-09T03:15:43.870" ,
2023-08-22 23:55:35 +00:00
"lastModified" : "2023-08-22T22:14:48.750" ,
"vulnStatus" : "Analyzed" ,
2023-08-09 04:00:45 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. \r\nAffected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)."
}
] ,
2023-08-22 23:55:35 +00:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "LOW" ,
"baseScore" : 3.3 ,
"baseSeverity" : "LOW"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 1.4
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-755"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ffri:dual_safe:1.4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "20EF112B-225F-4880-B7A0-6C4AE9945E2D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ffri:ffri_yarai:*:*:*:*:-:*:*:*" ,
"versionStartIncluding" : "3.4.0" ,
"versionEndIncluding" : "3.4.6" ,
"matchCriteriaId" : "A44E7B03-2512-498B-9D21-38B19A97A336"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ffri:ffri_yarai:1.4.0:*:*:*:home_and_business:*:*:*" ,
"matchCriteriaId" : "4AFD814C-9F3F-4E56-A24F-5650A171E3E9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ffri:ffri_yarai:3.5.0:*:*:*:-:*:*:*" ,
"matchCriteriaId" : "41317723-07EF-4911-B340-9D32B71F897C"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:soliton:infotrace_mark_ii_malware_protection:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.0.1" ,
"versionEndIncluding" : "3.2.2" ,
"matchCriteriaId" : "AB0991A6-F9EA-4ABD-BAEB-DD39EF595291"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:soliton:zerona:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.2.32" ,
"versionEndIncluding" : "3.2.36" ,
"matchCriteriaId" : "E74EF415-FD34-44F9-B77C-1A221E29C73F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:soliton:zerona_plus:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.2.32" ,
"versionEndIncluding" : "3.2.36" ,
"matchCriteriaId" : "F55621CC-7C6C-4837-92EC-AE7A52260D17"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nec:actsecure_x_managed_security_service:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.4.0" ,
"versionEndIncluding" : "3.4.6" ,
"matchCriteriaId" : "4419A375-07A3-4AC9-8DF7-3EB6AE6E6BC6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nec:actsecure_x_managed_security_service:3.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "78EEA207-0F94-4DA9-AF86-8507571D378A"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:skygroup:edr_plus_pack:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.4.0" ,
"versionEndIncluding" : "3.4.6" ,
"matchCriteriaId" : "862B4D6B-D084-4393-8B96-108F676BADA3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:skygroup:edr_plus_pack:3.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2D3D3C5F-A7D1-428C-8A27-A10062C53FF2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:skygroup:edr_plus_pack_cloud:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.4.0" ,
"versionEndIncluding" : "3.4.6" ,
"matchCriteriaId" : "20F70879-2C78-47E4-AE0B-B4EAD74D1C4C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6CF54F00-D3EA-4E54-8590-8CA0BD37FF17"
}
]
}
]
}
] ,
2023-08-09 04:00:45 +00:00
"references" : [
{
"url" : "https://jvn.jp/en/jp/JVN42527152/" ,
2023-08-22 23:55:35 +00:00
"source" : "vultures@jpcert.or.jp" ,
"tags" : [
"Third Party Advisory"
]
2023-08-09 04:00:45 +00:00
} ,
{
"url" : "https://www.ffri.jp/security-info/index.htm" ,
2023-08-22 23:55:35 +00:00
"source" : "vultures@jpcert.or.jp" ,
"tags" : [
"Vendor Advisory"
]
2023-08-09 04:00:45 +00:00
} ,
{
"url" : "https://www.skyseaclientview.net/news/230807_01/" ,
2023-08-22 23:55:35 +00:00
"source" : "vultures@jpcert.or.jp" ,
"tags" : [
"Third Party Advisory"
]
2023-08-09 04:00:45 +00:00
} ,
{
"url" : "https://www.soliton.co.jp/support/zerona_notice_2023.html" ,
2023-08-22 23:55:35 +00:00
"source" : "vultures@jpcert.or.jp" ,
"tags" : [
"Third Party Advisory"
]
2023-08-09 04:00:45 +00:00
} ,
{
"url" : "https://www.sourcenext.com/support/i/2023/230718_01" ,
2023-08-22 23:55:35 +00:00
"source" : "vultures@jpcert.or.jp" ,
"tags" : [
"Third Party Advisory"
]
2023-08-09 04:00:45 +00:00
} ,
{
"url" : "https://www.support.nec.co.jp/View.aspx?id=3140109240" ,
2023-08-22 23:55:35 +00:00
"source" : "vultures@jpcert.or.jp" ,
"tags" : [
"Permissions Required"
]
2023-08-09 04:00:45 +00:00
}
]
}
