[Japanese]
|
JVNDB-2024-000077
|
FFRI AMC vulnerable to OS command injection
|
FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure X.
FFRI AMC contains an OS command injection vulnerability (CWE-78).
It is exploitable when the notification program setting is enabled, the executable file path is configured with a batch file (.bat) or command file (.cmd), and the file is written in a certain style.
FFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 8.1 (High) [IPA Score]
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The scope is assessed as Unchanged (S:U) because, when exploited, an OS command is executed with the same privilege as that of affected product (LocalSystem with the initial configuration).
|
|
Sky Co., LTD.
- EDR Pluspack (Bundled FFRI AMC versions 3.4.0 to 3.5.3)
FFRI Security, Inc.
- FFRI AMC versions 3.4.0 to 3.5.3
NEC Corporation
- FFRI AMC for ActSecure X versions 3.4.0 to 3.5.3
|
The developer states that the avobe OEM products of FFRI AMC are affected, too.
FFRI yarai cloud, FFRI yarai, and FFRI yarai Home and Business Edition are not affected by this vulnerability.
In addition, FFRI yarai OEM products other than those listed above are also not affected by this vulnerability.
|
When an attacker pretends to be a yarai client and sends crafted request, an arbitrary OS command may be executed on the victim FFRI AMC.
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
The following versions are provided to address the vulnerability:
- NEC Corporation
- FFRI AMC for ActSecure X version 3.6.1
- Sky Co., Ltd.
- EDR Plus Pack (Bundled FFRI AMC version 3.6.1)
|
Sky Co., LTD.
FFRI Security, Inc.
NEC Corporation
|
- OS Command Injection(CWE-78) [IPA Evaluation]
|
- CVE-2024-40895
|
- JVN : JVN#26734798
|
- [2024/07/30]
Web page was published
|