关键信息 1. 漏洞编号: - JVN#29238389 2. 漏洞名称: - IPCOM vulnerable to information disclosure 3. 受影响产品: - IPCOM EX2 Series V01L02NF0001 to V01L06NF0401 - IPCOM VE2 Series V01L04NF0001 to V01L06NF0112 4. 描述: - SSL Accelerator/SSL-VPN Function of IPCOM provided by Fasas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy (CWE-208). 5. 影响: - Some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication. 6. 解决方案: - 更新固件: - Update the firmware to the latest version according to the information provided by the developer. - 应用工作绕: - Disable the RSA key exchange cipher suite in the IPCOM cipher suite settings. 7. 供应商状态: - Fasas Technologies Inc.: Vulnerable - Last Update: 2024/08/30 - Vendor Notes: Fasas Technologies Inc. website 8. 参考: - JPCERT/CC Addendum - Vulnerability Analysis by JPCERT/CC - CVSS v3: 3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N - Base Score: 5.9 9. 信用: - Fasas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fasas Technologies Inc. coordinated under the Information Security Early Warning Partnership. 10. 其他信息: - JPCERT Alert - JPCERT Reports - CERT Advisory - CPNI Advisory - TRnotes - CVE: CVE-2024-39921 - JVN iPedia: JVNDB-2024-000091