{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39341", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2023-07-28T09:52:26.677Z", "datePublished": "2023-08-09T02:42:51.631Z", "dateUpdated": "2024-10-17T14:20:49.179Z"}, "containers": {"cna": {"affected": [{"vendor": "FFRI Security, Inc. ", "product": "FFRI yarai", "versions": [{"version": "versions 3.4.0 to 3.4.6 and 3.5.0", "status": "affected"}]}, {"vendor": "FFRI Security, Inc. ", "product": "FFRI yarai Home and Business Edition", "versions": [{"version": "version 1.4.0", "status": "affected"}]}, {"vendor": "Soliton Systems K.K.", "product": "InfoTrace Mark II Malware Protection (Mark II Zerona)", "versions": [{"version": "versions 3.0.1 to 3.2.2", "status": "affected"}]}, {"vendor": "Soliton Systems K.K.", "product": "Zerona / Zerona PLUS", "versions": [{"version": " versions 3.2.32 to 3.2.36", "status": "affected"}]}, {"vendor": "NEC Corporation", "product": "ActSecure \u03c7", "versions": [{"version": "versions 3.4.0 to 3.4.6 and 3.5.0", "status": "affected"}]}, {"vendor": "SOURCENEXT CORPORATION ", "product": "Dual Safe Powered by FFRI yarai", "versions": [{"version": "version 1.4.1", "status": "affected"}]}, {"vendor": "Sky Co., Ltd.", "product": "EDR Plus Pack", "versions": [{"version": "Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0", "status": "affected"}]}, {"vendor": "Sky Co., Ltd.", "product": "EDR Plus Pack Cloud", "versions": [{"version": "Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. \r\nAffected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure \u03c7 versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)."}], "problemTypes": [{"descriptions": [{"description": "Improper check or handling of exceptional conditions", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.ffri.jp/security-info/index.htm"}, {"url": "https://www.soliton.co.jp/support/zerona_notice_2023.html"}, {"url": "https://www.support.nec.co.jp/View.aspx?id=3140109240"}, {"url": "https://www.sourcenext.com/support/i/2023/230718_01"}, {"url": "https://www.skyseaclientview.net/news/230807_01/"}, {"url": "https://jvn.jp/en/jp/JVN42527152/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-08-09T02:42:51.631Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.822Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ffri.jp/security-info/index.htm", "tags": ["x_transferred"]}, {"url": "https://www.soliton.co.jp/support/zerona_notice_2023.html", "tags": ["x_transferred"]}, {"url": "https://www.support.nec.co.jp/View.aspx?id=3140109240", "tags": ["x_transferred"]}, {"url": "https://www.sourcenext.com/support/i/2023/230718_01", "tags": ["x_transferred"]}, {"url": "https://www.skyseaclientview.net/news/230807_01/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN42527152/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-17T14:20:33.187569Z", "id": "CVE-2023-39341", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T14:20:49.179Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ffri.jp/security-info/index.htm", "tags": ["x_transferred"]}, {"url": "https://www.soliton.co.jp/support/zerona_notice_2023.html", "tags": ["x_transferred"]}, {"url": "https://www.support.nec.co.jp/View.aspx?id=3140109240", "tags": ["x_transferred"]}, {"url": "https://www.sourcenext.com/support/i/2023/230718_01", "tags": ["x_transferred"]}, {"url": "https://www.skyseaclientview.net/news/230807_01/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN42527152/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.822Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-17T14:20:33.187569Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T14:20:40.669Z"}}], "cna": {"affected": [{"vendor": "FFRI Security, Inc. ", "product": "FFRI yarai", "versions": [{"status": "affected", "version": "versions 3.4.0 to 3.4.6 and 3.5.0"}]}, {"vendor": "FFRI Security, Inc. ", "product": "FFRI yarai Home and Business Edition", "versions": [{"status": "affected", "version": "version 1.4.0"}]}, {"vendor": "Soliton Systems K.K.", "product": "InfoTrace Mark II Malware Protection (Mark II Zerona)", "versions": [{"status": "affected", "version": "versions 3.0.1 to 3.2.2"}]}, {"vendor": "Soliton Systems K.K.", "product": "Zerona / Zerona PLUS", "versions": [{"status": "affected", "version": " versions 3.2.32 to 3.2.36"}]}, {"vendor": "NEC Corporation", "product": "ActSecure \u03c7", "versions": [{"status": "affected", "version": "versions 3.4.0 to 3.4.6 and 3.5.0"}]}, {"vendor": "SOURCENEXT CORPORATION ", "product": "Dual Safe Powered by FFRI yarai", "versions": [{"status": "affected", "version": "version 1.4.1"}]}, {"vendor": "Sky Co., Ltd.", "product": "EDR Plus Pack", "versions": [{"status": "affected", "version": "Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0"}]}, {"vendor": "Sky Co., Ltd.", "product": "EDR Plus Pack Cloud", "versions": [{"status": "affected", "version": "Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0"}]}], "references": [{"url": "https://www.ffri.jp/security-info/index.htm"}, {"url": "https://www.soliton.co.jp/support/zerona_notice_2023.html"}, {"url": "https://www.support.nec.co.jp/View.aspx?id=3140109240"}, {"url": "https://www.sourcenext.com/support/i/2023/230718_01"}, {"url": "https://www.skyseaclientview.net/news/230807_01/"}, {"url": "https://jvn.jp/en/jp/JVN42527152/"}], "descriptions": [{"lang": "en", "value": "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. \r\nAffected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure \u03c7 versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Improper check or handling of exceptional conditions"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-08-09T02:42:51.631Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39341", "state": "PUBLISHED", "dateUpdated": "2024-10-17T14:20:49.179Z", "dateReserved": "2023-07-28T09:52:26.677Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2023-08-09T02:42:51.631Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffri:dual_safe:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "20EF112B-225F-4880-B7A0-6C4AE9945E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffri:ffri_yarai:*:*:*:*:-:*:*:*", "matchCriteriaId": "A44E7B03-2512-498B-9D21-38B19A97A336", "versionEndIncluding": "3.4.6", "versionStartIncluding": "3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffri:ffri_yarai:1.4.0:*:*:*:home_and_business:*:*:*", "matchCriteriaId": "4AFD814C-9F3F-4E56-A24F-5650A171E3E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffri:ffri_yarai:3.5.0:*:*:*:-:*:*:*", "matchCriteriaId": "41317723-07EF-4911-B340-9D32B71F897C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:soliton:infotrace_mark_ii_malware_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB0991A6-F9EA-4ABD-BAEB-DD39EF595291", "versionEndIncluding": "3.2.2", "versionStartIncluding": "3.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:soliton:zerona:*:*:*:*:*:*:*:*", "matchCriteriaId": "E74EF415-FD34-44F9-B77C-1A221E29C73F", "versionEndIncluding": "3.2.36", "versionStartIncluding": "3.2.32", "vulnerable": true}, {"criteria": "cpe:2.3:a:soliton:zerona_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "F55621CC-7C6C-4837-92EC-AE7A52260D17", "versionEndIncluding": "3.2.36", "versionStartIncluding": "3.2.32", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nec:actsecure_x_managed_security_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "4419A375-07A3-4AC9-8DF7-3EB6AE6E6BC6", "versionEndIncluding": "3.4.6", "versionStartIncluding": "3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nec:actsecure_x_managed_security_service:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "78EEA207-0F94-4DA9-AF86-8507571D378A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:skygroup:edr_plus_pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "862B4D6B-D084-4393-8B96-108F676BADA3", "versionEndIncluding": "3.4.6", "versionStartIncluding": "3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:skygroup:edr_plus_pack:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D3D3C5F-A7D1-428C-8A27-A10062C53FF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:skygroup:edr_plus_pack_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "20F70879-2C78-47E4-AE0B-B4EAD74D1C4C", "versionEndIncluding": "3.4.6", "versionStartIncluding": "3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CF54F00-D3EA-4E54-8590-8CA0BD37FF17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. \r\nAffected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure \u03c7 versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)."}], "id": "CVE-2023-39341", "lastModified": "2024-11-21T08:15:11.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-09T03:15:43.870", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN42527152/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.ffri.jp/security-info/index.htm"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://www.skyseaclientview.net/news/230807_01/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://www.soliton.co.jp/support/zerona_notice_2023.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://www.sourcenext.com/support/i/2023/230718_01"}, {"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required"], "url": "https://www.support.nec.co.jp/View.aspx?id=3140109240"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN42527152/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ffri.jp/security-info/index.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.skyseaclientview.net/news/230807_01/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.soliton.co.jp/support/zerona_notice_2023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.sourcenext.com/support/i/2023/230718_01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://www.support.nec.co.jp/View.aspx?id=3140109240"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}