CVE-2022-43470 - Vulnerability Details - OpenCVE

Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fsi	Fs020w Fs020w Firmware Fs030w Fs030w Firmware Fs040u Fs040u Firmware Fs040w Fs040w Firmware

Configuration 1 [-]

AND

cpe:2.3:o:fsi:fs040u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fsi:fs040u:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:fsi:fs020w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fsi:fs020w:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:fsi:fs030w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fsi:fs030w:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:fsi:fs040w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:fsi:fs040w:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN74285622/index.html
https://www.fsi.co.jp/mobile/plusF/news/22102801.html
https://www.fsi.co.jp/mobile/plusF/news/22102802.html
https://www.fsi.co.jp/mobile/plusF/news/22102803.html
https://www.fsi.co.jp/mobile/plusF/news/22102804.html

History

Thu, 24 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2022-12-05T00:00:00.000Z

Updated: 2025-04-24T14:16:21.169Z

Reserved: 2022-10-22T00:00:00.000Z

Link: CVE-2022-43470

Vulnrichment

Updated: 2024-08-03T13:32:59.180Z

NVD

Status : Modified

Published: 2022-12-05T04:15:10.240

Modified: 2025-04-24T15:15:51.297

Link: CVE-2022-43470

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43470", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "dateUpdated": "2025-04-24T14:16:21.169Z", "dateReserved": "2022-10-22T00:00:00.000Z", "datePublished": "2022-12-05T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2022-12-05T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed."}], "affected": [{"vendor": "FUJI SOFT INCORPORATED", "product": "+F FS040U, +F FS020W, +F FS030W, and +F FS040W", "versions": [{"version": "+F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier", "status": "affected"}]}], "references": [{"url": "https://www.fsi.co.jp/mobile/plusF/news/22102801.html"}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102802.html"}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102803.html"}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102804.html"}, {"url": "https://jvn.jp/en/jp/JVN74285622/index.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Cross-site request forgery"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.180Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.fsi.co.jp/mobile/plusF/news/22102801.html", "tags": ["x_transferred"]}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102802.html", "tags": ["x_transferred"]}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102803.html", "tags": ["x_transferred"]}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102804.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN74285622/index.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-352", "lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-24T14:15:46.026643Z", "id": "CVE-2022-43470", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T14:16:21.169Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.fsi.co.jp/mobile/plusF/news/22102801.html", "tags": ["x_transferred"]}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102802.html", "tags": ["x_transferred"]}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102803.html", "tags": ["x_transferred"]}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102804.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN74285622/index.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.180Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-43470", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-24T14:15:46.026643Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T14:16:17.178Z"}}], "cna": {"affected": [{"vendor": "FUJI SOFT INCORPORATED", "product": "+F FS040U, +F FS020W, +F FS030W, and +F FS040W", "versions": [{"status": "affected", "version": "+F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier"}]}], "references": [{"url": "https://www.fsi.co.jp/mobile/plusF/news/22102801.html"}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102802.html"}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102803.html"}, {"url": "https://www.fsi.co.jp/mobile/plusF/news/22102804.html"}, {"url": "https://jvn.jp/en/jp/JVN74285622/index.html"}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Cross-site request forgery"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2022-12-05T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-43470", "state": "PUBLISHED", "dateUpdated": "2025-04-24T14:16:21.169Z", "dateReserved": "2022-10-22T00:00:00.000Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2022-12-05T00:00:00.000Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fsi:fs040u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DFAEE23-2050-4A94-87AD-8ADA97881B1F", "versionEndIncluding": "2.3.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fsi:fs040u:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37C2591-BB48-443C-BDA7-5B1B5988AF6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fsi:fs020w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8563F7A-7D71-471F-AC51-5A4F2C2D080E", "versionEndIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fsi:fs020w:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC6EC9BC-6A81-4704-906E-BAE1EA8F6DF5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fsi:fs030w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E91AD140-C4D8-4A80-AF32-C06CF3970CA2", "versionEndIncluding": "3.3.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fsi:fs030w:-:*:*:*:*:*:*:*", "matchCriteriaId": "7428EC5A-079A-4759-BEBB-7F58E7EA4AA8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fsi:fs040w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A73DAD96-1D8A-412F-B248-D61E7F14B84A", "versionEndIncluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fsi:fs040w:-:*:*:*:*:*:*:*", "matchCriteriaId": "37A14440-69FF-4DDB-9FAE-05AFBF00D4EB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en las versiones de software +F FS040U v2.3.4 y anteriores, versiones de software +F FS020W v4.0.0 y anteriores, versiones de software +F FS030W v3.3.5 y anteriores, y versiones de software +F FS040W v1 .4.1 y anteriores permiten que un atacante adyacente se apodere de la autenticaci\u00f3n de un administrador y se puedan realizar operaciones no deseadas del usuario, como reiniciar el producto y/o restablecer la configuraci\u00f3n a la configuraci\u00f3n inicial."}], "id": "CVE-2022-43470", "lastModified": "2025-04-24T15:15:51.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-05T04:15:10.240", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN74285622/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102801.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102802.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102803.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102804.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN74285622/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102801.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102802.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102803.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.fsi.co.jp/mobile/plusF/news/22102804.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}