[Japanese]

JVNDB-2023-000080

"FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly

Overview

"FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly (CWE-703).
When the product's Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat, the affected product may fail to handle this situation properly and stop working.

FFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


Sky Co., LTD.
  • EDR Pluspack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)
  • EDR Pluspack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)
SOURCENEXT CORPORATION
  • Double Protection Powered by FFRI yarai version 1.4.1
FFRI Security, Inc.
  • FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0
  • FFRI yarai Home and Business Edition version 1.4.0
Soliton Systems K.K.
  • InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2
  • Zerona versions 3.2.32 to 3.2.36
  • Zerona PLUS Anti-malware versions 3.2.32 to 3.2.36
NEC Corporation
  • ActSecure X versions 3.4.0 to 3.4.6 and 3.5.0

Impact

The affected product may stop working, and remain stopped for 15 minutes in maximum.
Note that, even in such a situation, Microsoft Defender keeps working.

The developer states that the product can be recovered by either of the following.

* Restart the system where the product is running
* Wait for automatic recovery (15 minutes maximum)
Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
The following versions are provided to address the vulnerability:

* FFRI Security, Inc.
FFRI yarai versions 3.4.7 or 3.5.3
FFRI yarai Home and Business Edition version 1.4.2

* Soliton Systems K.K.
InfoTrace Mark II Malware Protection (Mark II Zerona) version 3.2.4

* NEC Corporation
ActSecure chi version 3.5.3

* SOURCENEXT CORPORATION
Dual Safe Powered by FFRI yarai version 1.4.2

* Sky Co., Ltd.
EDR Plus Pack (Bundled FFRI yarai versions 3.4.7 or 3.5.3)
EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.7 or 3.5.3)


[Apply the Workaround]
The following workaround may mitigate the impact of this vulnerability.

* Disable the Windows Defender management feature

For more information, refer to the information provided by the developer.
Vendor Information

Sky Co., LTD. SOURCENEXT CORPORATION FFRI Security, Inc. Soliton Systems K.K. NEC Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2023-39341
References

  1. JVN : JVN#42527152
  2. National Vulnerability Database (NVD) : CVE-2023-39341
Revision History

  • [2023/08/07]
      Web page was published
  • [2023/08/31]
      Solution was modified
  • [2024/03/28]
      References : Content was added