CVE-2024-7734 MEDIUM

CVE-2024-7734: Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors.

Vendor Phoenix Contact
Product FL MGUARD 2102
Weakness CWE-770 · Uncontrolled resource consumption
Published September 10, 2024
Last update September 10, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers.

Key dates

02Disclosure timeline

September 10, 2024 CVE published
September 10, 2024 Record updated