JVNDB-2024-000077

FFRI AMC vulnerable to OS command injection

Overview

FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure X.
FFRI AMC contains an OS command injection vulnerability (CWE-78).
It is exploitable when the notification program setting is enabled, the executable file path is configured with a batch file (.bat) or command file (.cmd), and the file is written in a certain style.
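As an added illustration of the configuration condition described above (example code written for this page, not code from FFRI Security or from this advisory), the following Python models the general CWE-78 hazard of pointing a notification hook at a .bat or .cmd file: Windows cannot execute such files directly and launches them through cmd.exe, so cmd.exe metacharacters in any client-derived argument are interpreted as commands, whatever quoting the caller applies. The advisory does not describe the specific file style involved, so the validator below is a generic hardening check; the function names, the constructed sample paths and the `client_values` parameter are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Characters cmd.exe treats specially even inside a .bat/.cmd argument
# (command separators, redirection, escape, and the two forms of
# variable expansion). Newlines are included because they end a line
# of batch parsing. This is a conservative deny list, not a sanitizer.
CMD_METACHARS = re.compile(r'[&|<>^%!"\r\n]')

# File types that Windows hands to cmd.exe instead of executing directly.
BATCH_EXTENSIONS = {".bat", ".cmd"}


def classify_notification_program(exe_path: str) -> str:
    """Return 'batch' for .bat/.cmd targets and 'native' for anything else."""
    suffix = PureWindowsPath(exe_path).suffix.lower()
    return "batch" if suffix in BATCH_EXTENSIONS else "native"


def validate_notification_argument(value: str) -> bool:
    """True when a client-supplied value carries no cmd.exe metacharacters."""
    return CMD_METACHARS.search(value) is None


def audit_notification_setting(enabled: bool, exe_path: str) -> list:
    """
    Audit a notification-program setting the way a hardening check would.
    Returns a list of findings; an empty list means the setting is safe
    with respect to the batch-file hazard described in the advisory.
    """
    findings = []
    if not enabled:
        return findings  # feature off: the vulnerable path is not reachable
    if classify_notification_program(exe_path) == "batch":
        findings.append(
            f"notification program {exe_path!r} is a batch file; "
            "cmd.exe will reinterpret client-derived arguments"
        )
    return findings


def build_notification_command(exe_path: str, client_values: list,
                               allow_batch: bool = False) -> list:
    """
    Build an argv list for a shell-free launch of the notification program.
    Refuses batch targets unless explicitly allowed, and for batch targets
    refuses any client value containing a cmd.exe metacharacter, since
    quoting alone does not neutralise them once cmd.exe parses the line.
    """
    kind = classify_notification_program(exe_path)
    if kind == "batch" and not allow_batch:
        raise ValueError(f"refusing batch notification program: {exe_path}")
    for value in client_values:
        if kind == "batch" and not validate_notification_argument(value):
            raise ValueError(f"cmd.exe metacharacter in client value: {value!r}")
    return [exe_path, *client_values]


if __name__ == "__main__":
    # Constructed sample settings: a weak one pointing at a batch file and
    # a corrected one pointing at a native executable (paths are made up).
    weak_path = r"C:\Program Files\notify\alert.bat"
    fixed_path = r"C:\Program Files\notify\alert.exe"
    for path in (weak_path, fixed_path):
        print(path, "->", audit_notification_setting(True, path) or "ok")
    # A constructed client-reported hostname with a cmd.exe separator in it.
    try:
        build_notification_command(weak_path, ["host-01 & other"], allow_batch=True)
    except ValueError as exc:
        print("rejected:", exc)
    print(build_notification_command(fixed_path, ["host-01 & other"]))
```

The design choice worth noting is that the check keys on the target file type rather than on the arguments alone: a native executable receives its arguments without a shell in between, so the same client value that must be rejected for a batch file is harmless there.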

FFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.
CVSS Severity

CVSS V3 Severity:
Base Metrics 8.1 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The scope is assessed as Unchanged (S:U) because, when exploited, an OS command is executed with the same privilege as that of the affected product (LocalSystem in the initial configuration).
Affected Products
Sky Co., LTD.
  • EDR Pluspack (Bundled FFRI AMC versions 3.4.0 to 3.5.3)
FFRI Security, Inc.
  • FFRI AMC versions 3.4.0 to 3.5.3
NEC Corporation
  • FFRI AMC for ActSecure X versions 3.4.0 to 3.5.3

The developer states that the above OEM products of FFRI AMC are also affected.

FFRI yarai cloud, FFRI yarai, and FFRI yarai Home and Business Edition are not affected by this vulnerability.
In addition, FFRI yarai OEM products other than those listed above are also not affected by this vulnerability.
Impact

When an attacker pretends to be a yarai client and sends a crafted request, an arbitrary OS command may be executed on the victim's FFRI AMC.
Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
The following versions are provided to address the vulnerability:

  • FFRI Security, Inc.
    • FFRI AMC version 3.6.1
  • NEC Corporation
    • FFRI AMC for ActSecure X version 3.6.1
  • Sky Co., Ltd.
    • EDR Plus Pack (Bundled FFRI AMC version 3.6.1)

Vendor Information

  • Sky Co., LTD.
  • FFRI Security, Inc.
  • NEC Corporation
CWE

  1. OS Command Injection (CWE-78) [IPA Evaluation]
CVE

  1. CVE-2024-40895
References

  1. JVN : JVN#26734798
Revision History

  • [2024/07/30]
      Web page was published