July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Malicious C2 Communication via QR Codes Circumvents Browser Isolation
December 9, 2024Attackers Use DarkNimbus Backdoor and MOONSHINE Exploit to Target Tibetans and Uyghurs – Active IOCs
December 9, 2024Malicious C2 Communication via QR Codes Circumvents Browser Isolation
December 9, 2024Attackers Use DarkNimbus Backdoor and MOONSHINE Exploit to Target Tibetans and Uyghurs – Active IOCs
December 9, 2024
Severity
High
Analysis Summary
CVE-2024-38658 CVSS:7.8
There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
CVE-2024-38389 CVSS:7.8
There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
CVE-2024-38309 CVSS:7.8
There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
Impact
- Code Execution
- Buffer Overflow
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-38658
- CVE-2024-38389
- CVE-2024-38309
Affected Vendors
Fuji Electric
Affected Products
- Fuji Electric V-Server v4.0.19.0
- Fuji Electric V-Server Lite v4.0.19.0
- Fuji Electric TELLUS v4.0.19.0
- Fuji Electric TELLUS Lite v4.0.19.0
- Fuji Electric V-SFT v6.2.2.0
Remediation
Refer to Fuji Electric Security Advisory for patch, upgrade, or suggested workaround information.