ByteOS Network

NVD Vulnerability Details :

CVE-2023-39341

Modified

Source-vultures@jpcert.or.jp

Published At-09 Aug, 2023 | 03:15

Updated At-07 Nov, 2023 | 04:17

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Type: Primary

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CPE Matches

ffri>>dual_safe>>1.4.1

cpe:2.3:a:ffri:dual_safe:1.4.1:*:*:*:*:*:*:*

ffri>>ffri_yarai>>Versions from 3.4.0(inclusive) to 3.4.6(inclusive)

cpe:2.3:a:ffri:ffri_yarai:*:*:*:*:-:*:*:*

ffri>>ffri_yarai>>1.4.0

cpe:2.3:a:ffri:ffri_yarai:1.4.0:*:*:*:home_and_business:*:*:*

ffri>>ffri_yarai>>3.5.0

cpe:2.3:a:ffri:ffri_yarai:3.5.0:*:*:*:-:*:*:*

soliton>>infotrace_mark_ii_malware_protection>>Versions from 3.0.1(inclusive) to 3.2.2(inclusive)

cpe:2.3:a:soliton:infotrace_mark_ii_malware_protection:*:*:*:*:*:*:*:*

soliton>>zerona>>Versions from 3.2.32(inclusive) to 3.2.36(inclusive)

cpe:2.3:a:soliton:zerona:*:*:*:*:*:*:*:*

soliton>>zerona_plus>>Versions from 3.2.32(inclusive) to 3.2.36(inclusive)

cpe:2.3:a:soliton:zerona_plus:*:*:*:*:*:*:*:*

NEC Corporation

>>actsecure_x_managed_security_service>>Versions from 3.4.0(inclusive) to 3.4.6(inclusive)

cpe:2.3:a:nec:actsecure_x_managed_security_service:*:*:*:*:*:*:*:*

NEC Corporation

>>actsecure_x_managed_security_service>>3.5.0

cpe:2.3:a:nec:actsecure_x_managed_security_service:3.5.0:*:*:*:*:*:*:*

skygroup>>edr_plus_pack>>Versions from 3.4.0(inclusive) to 3.4.6(inclusive)

cpe:2.3:a:skygroup:edr_plus_pack:*:*:*:*:*:*:*:*

skygroup>>edr_plus_pack>>3.5.0

cpe:2.3:a:skygroup:edr_plus_pack:3.5.0:*:*:*:*:*:*:*

skygroup>>edr_plus_pack_cloud>>Versions from 3.4.0(inclusive) to 3.4.6(inclusive)

cpe:2.3:a:skygroup:edr_plus_pack_cloud:*:*:*:*:*:*:*:*

skygroup>>edr_plus_pack_cloud>>3.5.0

cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.5.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-755	Primary	nvd@nist.gov

CWE ID: CWE-755

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://jvn.jp/en/jp/JVN42527152/	vultures@jpcert.or.jp	Third Party Advisory
https://www.ffri.jp/security-info/index.htm	vultures@jpcert.or.jp	Vendor Advisory
https://www.skyseaclientview.net/news/230807_01/	vultures@jpcert.or.jp	Third Party Advisory
https://www.soliton.co.jp/support/zerona_notice_2023.html	vultures@jpcert.or.jp	Third Party Advisory
https://www.sourcenext.com/support/i/2023/230718_01	vultures@jpcert.or.jp	Third Party Advisory
https://www.support.nec.co.jp/View.aspx?id=3140109240	vultures@jpcert.or.jp	Permissions Required