CVE-2023-39341

EPSS 0.3%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

09 Aug 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).

Affected products

FFRI Security, Inc. · FFRI yarai FFRI Security, Inc. · FFRI yarai Home and Business Edition NEC Corporation · ActSecure χ Sky Co., Ltd. · EDR Plus Pack Sky Co., Ltd. · EDR Plus Pack Cloud Soliton Systems K.K. · InfoTrace Mark II Malware Protection (Mark II Zerona)Soliton Systems K.K. · Zerona / Zerona PLUS SOURCENEXT CORPORATION · Dual Safe Powered by FFRI yarai

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/jp/JVN42527152/https://www.ffri.jp/security-info/index.htm https://www.skyseaclientview.net/news/230807_01/https://www.soliton.co.jp/support/zerona_notice_2023.html https://www.sourcenext.com/support/i/2023/230718_01 https://www.support.nec.co.jp/View.aspx?id=3140109240