CVE-2024-43387 HIGH

CVE-2024-43387: Phoenix Contact: Access files due to improper neutralization of special elements in MGUARD devices

Vendor Phoenix Contact

Product FL MGUARD 2102

Weakness CWE-78

Published September 10, 2024

Last update September 10, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.

Key dates

02Disclosure timeline

September 10, 2024 CVE published

September 10, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-43387 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2024-43387

CWE CWE-78

CVSS 8.8 / HIGH

Affected versions

Vendor Phoenix Contact

Product FL MGUARD 2102

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD 2105

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD 4102 PCI

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD 4102 PCIE

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD 4302

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD 4305

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD CENTERPORT VPN-1000

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD CORE TX

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD CORE TX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD DELTA TX/TX

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD DELTA TX/TX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD GT/GT

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD GT/GT VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD PCI4000

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD PCI4000 VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD PCIE4000

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD PCIE4000 VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS2000 TX/TX-B

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS2000 TX/TX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS2005 TX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4000 TX/TX

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4000 TX/TX-M

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4000 TX/TX-P

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4000 TX/TX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4004 TX/DTX

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4004 TX/DTX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD SMART2

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD SMART2 VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS2000 3G VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS2000 4G ATT VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS2000 4G VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS2000 4G VZW VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS4000 3G VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS4000 4G ATT VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS4000 4G VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS4000 4G VZW VPN

Affected < 8.9.3

CVE-2024-43387: Phoenix Contact: Access files due to improper neutralization of special elements in MGUARD devices

01Description

02Disclosure timeline

03References

04Related CVE