Cyber Resilience

CVE-2024-39921

High

Published: 04 September 2024

Modified: 13 March 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0040 (61.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-39921 is a high-severity Observable Discrepancy (CWE-203) vulnerability in Fujitsu IPCOM EX2 IN 3200 firmware. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 38.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

fujitsu, ipcom ve2 ls 100 firmware: v01l04nf0001 — v01l06nf0112
fujitsu, ipcom ve2 ls 200 firmware: v01l04nf0001 — v01l06nf0112
fujitsu, ipcom ve2 ls 220 firmware: v01l04nf0001 — v01l06nf0112
fujitsu, ipcom ve2 ls plus 100 firmware: v01l04nf0001 — v01l06nf0112
fujitsu, ipcom ve2 ls plus 200 firmware: v01l04nf0001 — v01l06nf0112
fujitsu, ipcom ve2 ls plus 220 firmware: v01l04nf0001 — v01l06nf0112
fujitsu, ipcom ve2 ls plus2 200 firmware: v01l04nf0001 — v01l06nf0112
fujitsu, ipcom ve2 ls plus2 220 firmware: v01l04nf0001 — v01l06nf0112
fujitsu, ipcom ve2 sc plus 100 firmware: v01l04nf0001 — v01l06nf0112
fujitsu, ipcom ve2 sc plus 200 firmware: v01l04nf0001 — v01l06nf0112
+9 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-203

Misdirection can normalize or falsify responses to eliminate observable discrepancies that aid reconnaissance.

addresses: CWE-203

Observable discrepancies in system behavior can be modulated to create covert storage or timing channels; the required analysis detects and constrains such avenues.

addresses: CWE-203

Prevents attackers from using observable differences in error responses to infer internal system details or state.

References