#VU68869 Unprotected storage of credentials in +F FS040U - CVE-2022-43442

Cybersecurity Help s.r.o.

Published: 2022-11-01

Vulnerability identifier: #VU68869

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-43442

CWE-ID: CWE-256

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
+F FS040U
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: FUJISOFT INCORPORATED

Description

The vulnerability allows a local attacker to gain access to other users' credentials.

The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. An attacker with physical access can obtain the login password and log in to the management console.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

+F FS040U: 2.3.4

External links
https://jvn.jp/en/jp/JVN74285622/index.html

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in FUJI SOFT network devices