← Back

CVE-2024-43385

nvd nist
Published: Sep 10, 2024Modified: Sep 27, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: info@cert.vde.com (Secondary)

Description

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.

Affected (36)

Products: Phoenixcontact: Tc Mguard Rs4000 4g Vzw Vpn Firmware, Tc Mguard Rs4000 4g Vpn Firmware, Tc Mguard Rs4000 4g Att Vpn Firmware, Tc Mguard Rs4000 3g Vpn Firmware, Tc Mguard Rs2000 4g Vzw Vpn Firmware, Tc Mguard Rs2000 4g Vpn Firmware, Tc Mguard Rs2000 4g Att Vpn Firmware, Tc Mguard Rs2000 3g Vpn Firmware, Fl Mguard Smart2 Vpn Firmware, Fl Mguard Smart2 Firmware, Fl Mguard Rs4004 Tx/dtx Vpn Firmware, Fl Mguard Rs4004 Tx/dtx Firmware, Fl Mguard Rs4000 Tx/tx Vpn Firmware, Fl Mguard Rs4000 Tx/tx P Firmware, Fl Mguard Rs4000 Tx/tx M Firmware, Fl Mguard Rs4000 Tx/tx Firmware, Fl Mguard Rs2005 Tx Vpn Firmware, Fl Mguard Rs2000 Tx/tx Vpn Firmware, Fl Mguard Rs2000 Tx/tx B Firmware, Fl Mguard Pcie4000 Vpn Firmware, Fl Mguard Pcie4000 Firmware, Fl Mguard Pci4000 Vpn Firmware, Fl Mguard Pci4000 Firmware, Fl Mguard Gt/gt Vpn Firmware, Fl Mguard Gt/gt Firmware, Fl Mguard Delta Tx/tx Vpn Firmware, Fl Mguard Delta Tx/tx Firmware, Fl Mguard Core Tx Vpn Firmware, Fl Mguard Core Tx Firmware, Fl Mguard Centerport Vpn 1000 Firmware, Fl Mguard 4305 Firmware, Fl Mguard 4302 Firmware, Fl Mguard 4102 Pcie Firmware, Fl Mguard 4102 Pci Firmware, Fl Mguard 2105 Firmware, Fl Mguard 2102 Firmware
Phoenixcontact
36 products
Tc Mguard Rs4000 4g Vzw Vpn Firmware
Tc Mguard Rs4000 4g Vpn Firmware
Tc Mguard Rs4000 4g Att Vpn Firmware
Tc Mguard Rs4000 3g Vpn Firmware
Tc Mguard Rs2000 4g Vzw Vpn Firmware
Tc Mguard Rs2000 4g Vpn Firmware
Tc Mguard Rs2000 4g Att Vpn Firmware
Tc Mguard Rs2000 3g Vpn Firmware
Fl Mguard Smart2 Vpn Firmware
Fl Mguard Smart2 Firmware
Fl Mguard Rs4004 Tx/dtx Vpn Firmware
Fl Mguard Rs4004 Tx/dtx Firmware
Fl Mguard Rs4000 Tx/tx Vpn Firmware
Fl Mguard Rs4000 Tx/tx P Firmware
Fl Mguard Rs4000 Tx/tx M Firmware
Fl Mguard Rs4000 Tx/tx Firmware
Fl Mguard Rs2005 Tx Vpn Firmware
Fl Mguard Rs2000 Tx/tx Vpn Firmware
Fl Mguard Rs2000 Tx/tx B Firmware
Fl Mguard Pcie4000 Vpn Firmware
Fl Mguard Pcie4000 Firmware
Fl Mguard Pci4000 Vpn Firmware
Fl Mguard Pci4000 Firmware
Fl Mguard Gt/gt Vpn Firmware
Fl Mguard Gt/gt Firmware
Fl Mguard Delta Tx/tx Vpn Firmware
Fl Mguard Delta Tx/tx Firmware
Fl Mguard Core Tx Vpn Firmware
Fl Mguard Core Tx Firmware
Fl Mguard Centerport Vpn 1000 Firmware
Fl Mguard 4305 Firmware
Fl Mguard 4302 Firmware
Fl Mguard 4102 Pcie Firmware
Fl Mguard 4102 Pci Firmware
Fl Mguard 2105 Firmware
Fl Mguard 2102 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tc Mguard Rs4000 4g Vzw Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Tc Mguard Rs4000 4g Vzw Vpn
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tc Mguard Rs4000 4g Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Tc Mguard Rs4000 4g Vpn
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tc Mguard Rs4000 4g Att Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Tc Mguard Rs4000 4g Att Vpn
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tc Mguard Rs4000 3g Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Tc Mguard Rs4000 3g Vpn
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tc Mguard Rs2000 4g Vzw Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Tc Mguard Rs2000 4g Vzw Vpn
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tc Mguard Rs2000 4g Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Tc Mguard Rs2000 4g Vpn
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tc Mguard Rs2000 4g Att Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Tc Mguard Rs2000 4g Att Vpn
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tc Mguard Rs2000 3g Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Tc Mguard Rs2000 3g Vpn
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Smart2 Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Smart2 Vpn
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Smart2 Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Smart2
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Rs4004 Tx/dtx Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Rs4004 Tx/dtx Vpn
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Rs4004 Tx/dtx Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Rs4004 Tx/dtx
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Rs4000 Tx/tx Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Rs4000 Tx/tx Vpn
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Rs4000 Tx/tx P Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Rs4000 Tx/tx P
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Rs4000 Tx/tx M Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Rs4000 Tx/tx M
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Rs4000 Tx/tx Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Rs4000 Tx/tx
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Rs2005 Tx Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Rs2005 Tx Vpn
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Rs2000 Tx/tx Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Rs2000 Tx/tx Vpn
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Rs2000 Tx/tx B Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Rs2000 Tx/tx B
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Pcie4000 Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Pcie4000 Vpn
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Pcie4000 Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Pcie4000
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Pci4000 Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Pci4000 Vpn
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Pci4000 Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Pci4000
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Gt/gt Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Gt/gt Vpn
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Gt/gt Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Gt/gt
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Delta Tx/tx Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Delta Tx/tx Vpn
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Delta Tx/tx Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Delta Tx/tx
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Core Tx Vpn Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Core Tx Vpn
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Core Tx Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Core Tx
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard Centerport Vpn 1000 Firmware
Before 8.9.3
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard Centerport Vpn 1000
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard 4305 Firmware
Before 10.4.1
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard 4305
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard 4302 Firmware
Before 10.4.1
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard 4302
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard 4102 Pcie Firmware
Before 10.4.1
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard 4102 Pcie
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard 4102 Pci Firmware
Before 10.4.1
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard 4102 Pci
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard 2105 Firmware
Before 10.4.1
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard 2105
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fl Mguard 2102 Firmware
Before 10.4.1
Running on/withPlatform Versions
Phoenixcontact
Fl Mguard 2102
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (1)

Source: info@cert.vde.com
Third Party Advisory

Timeline

No history available yet.