Main Vulnerability Database Vulnerabilities #VU68869

Unprotected storage of credentials in +F FS040U - CVE-2022-43442

Published: November 1, 2022

Vulnerability identifier: #VU68869

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-43442

CWE-ID: CWE-256

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
+F FS040U

Software vendor:
FUJISOFT INCORPORATED

Description

The vulnerability allows a local attacker to gain access to other users' credentials.

The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. An attacker with physical access can obtain the login password and log in to the management console.

Remediation

Install updates from vendor's website.

External links

https://jvn.jp/en/jp/JVN74285622/index.html

Unprotected storage of credentials in +F FS040U - CVE-2022-43442

Description

Remediation

External links

Please verify you're human