CVE-2024-7699 HIGH

CVE-2024-7699: Phoenix Contact: OS command execution in MGUARD products

Vendor Phoenix Contact

Product FL MGUARD 2102

Weakness CWE-78

Published September 10, 2024

Last update September 10, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.

Key dates

02Disclosure timeline

September 10, 2024 CVE published

September 10, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-7699 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2024-7699

CWE CWE-78

CVSS 8.8 / HIGH

Affected versions

Vendor Phoenix Contact

Product FL MGUARD 2102

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD 2105

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD 4102 PCI

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD 4102 PCIE

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD 4302

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD 4305

Affected < 10.4.1

Vendor Phoenix Contact

Product FL MGUARD CENTERPORT VPN-1000

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD CORE TX

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD CORE TX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD DELTA TX/TX

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD DELTA TX/TX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD GT/GT

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD GT/GT VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD PCI4000

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD PCI4000 VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD PCIE4000

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD PCIE4000 VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS2000 TX/TX-B

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS2000 TX/TX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS2005 TX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4000 TX/TX

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4000 TX/TX-M

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4000 TX/TX-P

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4000 TX/TX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4004 TX/DTX

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD RS4004 TX/DTX VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD SMART2

Affected < 8.9.3

Vendor Phoenix Contact

Product FL MGUARD SMART2 VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS2000 3G VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS2000 4G ATT VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS2000 4G VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS2000 4G VZW VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS4000 3G VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS4000 4G ATT VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS4000 4G VPN

Affected < 8.9.3

Vendor Phoenix Contact

Product TC MGUARD RS4000 4G VZW VPN

Affected < 8.9.3

CVE-2024-7699: Phoenix Contact: OS command execution in MGUARD products

01Description

02Disclosure timeline

03References

04Related CVE