CVE-2024-40617
Published: 17 July 2024
Summary
CVE-2024-40617 is a medium-severity Path Traversal (CWE-22) vulnerability in Fujitsu Network Edgiot Gw1500 Firmware. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 4.9% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-40617 is a path traversal vulnerability, tracked under CWE-22, that affects the FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). The flaw permits a remote authenticated user to submit a crafted request that reaches files outside intended directories, exposing sensitive information stored on the device.
An attacker who already possesses User Class credentials can exploit the issue over the network with low attack complexity. Successful traversal grants access to restricted files, which in turn allows the attacker to obtain Administrator Class privileges on the affected gateway.
Vendor advisories published by Fujitsu and coordinated through JVN direct administrators to the firmware update pages at fenics.fujitsu.com for remediation steps and patched releases. The EPSS score has remained flat at 0.1699 since disclosure, indicating no observed surge in exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38543
Vulnerability details
Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access-restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
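The control above is the generic CWE-22 mitigation. The following is an added example written for this page to show what such a check looks like in practice; it is not Fujitsu's code and has no relation to the GW1500 firmware. The base directory, the sample request strings and the function names are assumptions for the demonstration. It goes a little beyond the one-line control by also handling the usual bypasses a request-level check has to survive: percent-encoding, backslash separators, NUL bytes, absolute paths, sibling-directory prefix matches, and (in the filesystem-backed variant) symlinks planted inside the served tree.

```python
"""Containment check for user-supplied file paths (added example, not vendor code).

Illustrates the CWE-22 mitigation "validate pathnames and filenames to prevent
traversal outside intended directories". The base directory and the sample
requests below are constructed for the demo and are not observed traffic.
"""
import os
import posixpath
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested path would land outside the allowed base directory."""


def resolve_within(base_dir: str, requested: str) -> str:
    """Return the normalised absolute path of `requested` under `base_dir`,
    or raise PathTraversalError if it would escape.

    Each step closes one common bypass:
      1. Percent-decode exactly once (the same decoding the file open will
         use) and reject NUL bytes, which truncate C-style filenames.
      2. Treat backslashes as separators so "..\\" cannot slip past a
         POSIX-only check.
      3. Reject absolute requests instead of letting them replace the base.
      4. Normalise ".." and "." only after joining with the base, so the
         whole path is judged, not individual segments.
      5. Compare with commonpath, which is prefix-safe: "/srv/www" does not
         match "/srv/www-admin".
    """
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in requested path")
    decoded = decoded.replace("\\", "/")
    if posixpath.isabs(decoded):
        raise PathTraversalError("absolute path not allowed")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    if posixpath.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{requested!r} escapes {base_dir!r}")
    return candidate


def open_within(base_dir: str, requested: str, mode: str = "rb"):
    """Open a file under base_dir after the lexical check above plus a
    realpath comparison that follows symlinks, so a link inside base_dir
    pointing outside it is refused as well (POSIX paths assumed)."""
    real_base = os.path.realpath(base_dir)
    lexical = resolve_within(real_base, requested)
    real_target = os.path.realpath(lexical)
    if os.path.commonpath([real_base, real_target]) != real_base:
        raise PathTraversalError(f"{requested!r} resolves via symlink outside {base_dir!r}")
    return open(real_target, mode)


def check_all(base_dir: str, requests) -> dict:
    """Map each request string to True (accepted) or False (rejected)."""
    results = {}
    for req in requests:
        try:
            resolve_within(base_dir, req)
            results[req] = True
        except PathTraversalError:
            results[req] = False
    return results


# Constructed sample requests with the expected verdict for base "/srv/www".
SAMPLE_REQUESTS = {
    "docs/manual.pdf": True,
    "./docs/../docs/manual.pdf": True,      # ".." that stays inside the base
    "../../etc/passwd": False,              # plain traversal
    "..%2F..%2Fetc%2Fpasswd": False,        # percent-encoded separators
    "docs/..\\..\\secrets.txt": False,      # backslash separators
    "/etc/passwd": False,                   # absolute path
    "../www-admin/config": False,           # sibling dir sharing the prefix
    "docs/manual.pdf%00.jpg": False,        # NUL-byte truncation attempt
}

if __name__ == "__main__":
    for req, ok in check_all("/srv/www", SAMPLE_REQUESTS).items():
        print(f"{'allow' if ok else 'deny ':5} {req}")
```

The important design point is that the check and the file open must work on the same decoded, normalised string; validating the raw request and then opening a separately decoded path is how a check that looks correct still gets bypassed.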