CVE-2022-29516
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary operating system commands on affected FUJITSU Network IPCOM devices through the web console. Attackers can potentially gain full control of the device without authentication. Organizations using the listed IPCOM series products are affected.
💻 Affected Systems
- IPCOM EX2 IN(3200, 3500)
- IPCOM EX2 LB(1100, 3200, 3500)
- IPCOM EX2 SC(1100, 3200, 3500)
- IPCOM EX2 NW(1100, 3200, 3500)
- IPCOM EX2 DC
- IPCOM EX IN(2300, 2500, 2700)
- IPCOM EX LB(1100, 1300, 2300, 2500, 2700)
- IPCOM EX SC(1100, 1300, 2300, 2500, 2700)
- IPCOM EX NW(1100, 1300, 2300, 2500, 2700)
📦 What is this software?
Ipcom Ve2 Ls Plus2 200 Firmware by Fujitsu
Ipcom Ve2 Ls Plus2 220 Firmware by Fujitsu
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the network device leading to network disruption, data exfiltration, lateral movement to other systems, and persistent backdoor installation.
Likely Case
Unauthorized access to device configuration, network traffic interception, credential harvesting, and potential use as a pivot point for further attacks.
If Mitigated
Limited impact if device is isolated, patched, and monitored with proper network segmentation and access controls.
🎯 Exploit Status
CVE description indicates remote unauthenticated exploitation via unspecified vectors. CVSS 9.8 suggests trivial exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific firmware versions
Vendor Advisory: https://www.fujitsu.com/jp/products/network/support/2022/ipcom-01/
Restart Required: Yes
Instructions:
1. Check current firmware version on IPCOM device.
2. Download appropriate firmware update from FUJITSU support site.
3. Backup device configuration.
4. Apply firmware update following vendor instructions.
5. Verify successful update and restore configuration if needed.
🔧 Temporary Workarounds
Disable Web Console Access
all: Temporarily disable the web console interface to prevent exploitation
Check device documentation for web console disable commands
Network Access Control
linux: Restrict access to the web console interface using firewall rules
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Isolate affected devices in a separate VLAN with strict access controls
- Implement network monitoring and IDS/IPS rules to detect exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against vendor advisory. If running unpatched firmware on affected models, assume vulnerable.
Check Version:
Check web console interface or CLI for firmware version information
Verify Fix Applied:
Verify firmware version has been updated to patched version specified in vendor advisory.
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution in device logs
- Multiple failed authentication attempts followed by successful access
- Unexpected configuration changes
Network Indicators:
- Unusual outbound connections from network device
- Traffic patterns inconsistent with normal device operation
SIEM Query:
source="ipcom-device" AND (event="command_execution" OR event="configuration_change")