9.8
CRITICAL
CVE-2022-29516
Fujitsu IPCOM Remote OS Command Execution
Description

The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.

INFO

Published Date :

May 18, 2022, 3:15 p.m.

Last Modified :

June 1, 2022, 4:58 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Affected Products

The following products are affected by CVE-2022-29516 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Fujitsu ipcom_ex2_nw_1100_firmware
2 Fujitsu ipcom_ex2_nw_3500_firmware
3 Fujitsu ipcom_ex2_nw_3200_firmware
4 Fujitsu ipcom_ex2_sc_1100_firmware
5 Fujitsu ipcom_ex2_sc_3500_firmware
6 Fujitsu ipcom_ex2_sc_3200_firmware
7 Fujitsu ipcom_ex2_lb_1100_firmware
8 Fujitsu ipcom_ex2_lb_3500_firmware
9 Fujitsu ipcom_ex2_lb_3200_firmware
10 Fujitsu ipcom_ex2_in_1100_firmware
11 Fujitsu ipcom_ex2_in_3200_firmware
12 Fujitsu ipcom_ex2_in_3500_firmware
13 Fujitsu ipcom_ex2_dc_3500_firmware
14 Fujitsu ipcom_ex2_dc_3200_firmware
15 Fujitsu ipcom_ex_in_2300_firmware
16 Fujitsu ipcom_ex_in_2500_firmware
17 Fujitsu ipcom_ex_in_2700_firmware
18 Fujitsu ipcom_ex_lb_1100_firmware
19 Fujitsu ipcom_ex_lb_1300_firmware
20 Fujitsu ipcom_ex_lb_2300_firmware
21 Fujitsu ipcom_ex_lb_2500_firmware
22 Fujitsu ipcom_ex_lb_2700_firmware
23 Fujitsu ipcom_ex_sc_1100_firmware
24 Fujitsu ipcom_ex_sc_1300_firmware
25 Fujitsu ipcom_ex_sc_2300_firmware
26 Fujitsu ipcom_ex_sc_2500_firmware
27 Fujitsu ipcom_ex_sc_2700_firmware
28 Fujitsu ipcom_ex_nw_1100_firmware
29 Fujitsu ipcom_ex_nw_1300_firmware
30 Fujitsu ipcom_ex_nw_2300_firmware
31 Fujitsu ipcom_ex_nw_2500_firmware
32 Fujitsu ipcom_ex_nw_2700_firmware
33 Fujitsu ipcom_ve2_ls_100_firmware
34 Fujitsu ipcom_ve2_ls_200_firmware
35 Fujitsu ipcom_ve2_ls_220_firmware
36 Fujitsu ipcom_ve2_ls_plus_100_firmware
37 Fujitsu ipcom_ve2_ls_plus_200_firmware
38 Fujitsu ipcom_ve2_ls_plus_220_firmware
39 Fujitsu ipcom_ve2_ls_plus2_200_firmware
40 Fujitsu ipcom_ve2_ls_plus2_220_firmware
41 Fujitsu ipcom_ve2_sc_100_firmware
42 Fujitsu ipcom_ve2_sc_200_firmware
43 Fujitsu ipcom_ve2_sc_220_firmware
44 Fujitsu ipcom_ve2_sc_plus_100_firmware
45 Fujitsu ipcom_ve2_sc_plus_200_firmware
46 Fujitsu ipcom_ve2_sc_plus_220_firmware
: Total Affected Vendor : 1 | Products : 46
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-29516.

URL Resource
https://jvn.jp/en/jp/JVN96561229/index.html Third Party Advisory
https://www.fujitsu.com/jp/products/network/support/2022/ipcom-01/ Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-29516 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2022-29516 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jun. 01, 2022

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://jvn.jp/en/jp/JVN96561229/index.html No Types Assigned https://jvn.jp/en/jp/JVN96561229/index.html Third Party Advisory
    Changed Reference Type https://www.fujitsu.com/jp/products/network/support/2022/ipcom-01/ No Types Assigned https://www.fujitsu.com/jp/products/network/support/2022/ipcom-01/ Vendor Advisory
    Added CWE NIST CWE-78
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_nw_1100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_nw_1100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_nw_3500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_nw_3500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_nw_3200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_nw_3200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_sc_1100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_sc_1100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_sc_3500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_sc_3200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_lb_1100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_lb_1100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_lb_3500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_lb_3200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_in_1100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_in_1100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_in_3200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v01l05_nf0501 OR cpe:2.3:h:fujitsu:ipcom_ex2_in_3500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_dc_3500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v02l21_nf0201 OR cpe:2.3:h:fujitsu:ipcom_ex2_dc_3500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex2_dc_3200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) v02l21_nf0201 OR cpe:2.3:h:fujitsu:ipcom_ex2_dc_3200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_in_2300_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_in_2300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_in_2500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_in_2500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_in_2700_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_in_2700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_lb_1100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_lb_1100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_lb_1300_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_lb_1300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_lb_2300_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_lb_2300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_lb_2500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_lb_2500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_lb_2700_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_lb_2700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_sc_1100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_sc_1100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_sc_1300_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_sc_1300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_sc_2300_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_sc_2300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_sc_2500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_sc_2500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_sc_2700_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_sc_2700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_nw_1100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_nw_1100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_nw_1300_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_nw_1300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_nw_2300_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_nw_2300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_nw_2500_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_nw_2500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ex_nw_2700_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ex_nw_2700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_ls_100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_ls_100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_ls_200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_ls_200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_ls_220_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_ls_220:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_220_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus_220:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus2_200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_220_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_ls_plus2_220:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_sc_100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_sc_100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_sc_200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_sc_200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_sc_220_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_sc_220:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_sc_plus_100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_sc_plus_100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_sc_plus_200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_sc_plus_200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:fujitsu:ipcom_ve2_sc_plus_220_firmware:*:*:*:*:*:*:*:* versions up to (excluding) e20l33_nf1101 OR cpe:2.3:h:fujitsu:ipcom_ve2_sc_plus_220:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-29516 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-29516 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.46 }} 0.02%

score

0.75596

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: