{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47397", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-12-10T07:10:15.313Z", "datePublished": "2024-12-18T06:35:16.031Z", "dateUpdated": "2024-12-18T14:58:49.381Z"}, "containers": {"cna": {"affected": [{"vendor": "FXC Inc.", "product": "AE1021", "versions": [{"version": "firmware versions 2.0.10 and earlier", "status": "affected"}]}, {"vendor": "FXC Inc.", "product": "AE1021PE", "versions": [{"version": "firmware versions 2.0.10 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string."}], "problemTypes": [{"descriptions": [{"description": "Weak authentication", "lang": "en-US", "cweId": "CWE-1390", "type": "CWE"}]}], "references": [{"url": "https://www.fxc.jp/news/20241213"}, {"url": "https://jvn.jp/en/vu/JVNVU91084137/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-12-18T06:35:16.031Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-18T14:58:36.329686Z", "id": "CVE-2024-47397", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-18T14:58:49.381Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47397", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-18T14:58:36.329686Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-18T14:58:43.132Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "FXC Inc.", "product": "AE1021", "versions": [{"status": "affected", "version": "firmware versions 2.0.10 and earlier"}]}, {"vendor": "FXC Inc.", "product": "AE1021PE", "versions": [{"status": "affected", "version": "firmware versions 2.0.10 and earlier"}]}], "references": [{"url": "https://www.fxc.jp/news/20241213"}, {"url": "https://jvn.jp/en/vu/JVNVU91084137/"}], "descriptions": [{"lang": "en", "value": "Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-1390", "description": "Weak authentication"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-12-18T06:35:16.031Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47397", "state": "PUBLISHED", "dateUpdated": "2024-12-18T14:58:49.381Z", "dateReserved": "2024-12-10T07:10:15.313Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-12-18T06:35:16.031Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string."}], "id": "CVE-2024-47397", "lastModified": "2024-12-18T07:15:07.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2024-12-18T07:15:07.847", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU91084137/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.fxc.jp/news/20241213"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1390"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}