Lucene search
CERTVDECVE-2024-43386HistorySep 10, 2024 - 9:15 a.m.
CVE-2024-43386
2024-09-1009:15:04
CWE-78
CERTVDE
web.nvd.nist.gov
23
cve-2024-43386
low privileged attacker
arbitrary os commands
root access
improper neutralization
email_notification.to
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
21.1%
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.
Affected configurations
Node
phoenixcontacttc_mguard_rs4000_4g_vzw_vpn_firmwareRange<8.9.3
phoenixcontacttc_mguard_rs4000_4g_vzw_vpnMatch-
Node
phoenixcontacttc_mguard_rs4000_4g_vpn_firmwareRange<8.9.3
phoenixcontacttc_mguard_rs4000_4g_vpnMatch-
Node
phoenixcontacttc_mguard_rs4000_4g_att_vpn_firmwareRange<8.9.3
phoenixcontacttc_mguard_rs4000_4g_att_vpnMatch-
Node
phoenixcontacttc_mguard_rs4000_3g_vpn_firmwareRange<8.9.3
phoenixcontacttc_mguard_rs4000_3g_vpnMatch-
Node
phoenixcontacttc_mguard_rs2000_4g_vzw_vpn_firmwareRange<8.9.3
phoenixcontacttc_mguard_rs2000_4g_vzw_vpnMatch-
Node
phoenixcontacttc_mguard_rs2000_4g_vpn_firmwareRange<8.9.3
phoenixcontacttc_mguard_rs2000_4g_vpnMatch-
Node
phoenixcontacttc_mguard_rs2000_4g_att_vpn_firmwareRange<8.9.3
phoenixcontacttc_mguard_rs2000_4g_att_vpnMatch-
Node
phoenixcontacttc_mguard_rs2000_3g_vpn_firmwareRange<8.9.3
phoenixcontacttc_mguard_rs2000_3g_vpnMatch-
Node
phoenixcontactfl_mguard_smart2_vpn_firmwareRange<8.9.3
phoenixcontactfl_mguard_smart2_vpnMatch-
Node
phoenixcontactfl_mguard_smart2_firmwareRange<8.9.3
phoenixcontactfl_mguard_smart2Match-
Node
phoenixcontactfl_mguard_rs4004_tx\/dtx_vpn_firmwareRange<8.9.3
phoenixcontactfl_mguard_rs4004_tx\/dtx_vpnMatch-
Node
phoenixcontactfl_mguard_rs4004_tx\/dtx_firmwareRange<8.9.3
phoenixcontactfl_mguard_rs4004_tx\/dtxMatch-
Node
phoenixcontactfl_mguard_rs4000_tx\/tx_vpn_firmwareRange<8.9.3
phoenixcontactfl_mguard_rs4000_tx\/tx_vpnMatch-
Node
phoenixcontactfl_mguard_rs4000_tx\/tx-p_firmwareRange<8.9.3
phoenixcontactfl_mguard_rs4000_tx\/tx-pMatch-
Node
phoenixcontactfl_mguard_rs4000_tx\/tx-m_firmwareRange<8.9.3
phoenixcontactfl_mguard_rs4000_tx\/tx-mMatch-
Node
phoenixcontactfl_mguard_rs4000_tx\/tx_firmwareRange<8.9.3
phoenixcontactfl_mguard_rs4000_tx\/txMatch-
Node
phoenixcontactfl_mguard_rs2005_tx_vpn_firmwareRange<8.9.3
phoenixcontactfl_mguard_rs2005_tx_vpnMatch-
Node
phoenixcontactfl_mguard_rs2000_tx\/tx_vpn_firmwareRange<8.9.3
phoenixcontactfl_mguard_rs2000_tx\/tx_vpnMatch-
Node
phoenixcontactfl_mguard_rs2000_tx\/tx-b_firmwareRange<8.9.3
phoenixcontactfl_mguard_rs2000_tx\/tx-bMatch-
Node
phoenixcontactfl_mguard_pcie4000_vpn_firmwareRange<8.9.3
phoenixcontactfl_mguard_pcie4000_vpnMatch-
Node
phoenixcontactfl_mguard_pcie4000_firmwareRange<8.9.3
phoenixcontactfl_mguard_pcie4000Match-
Node
phoenixcontactfl_mguard_pci4000_vpn_firmwareRange<8.9.3
phoenixcontactfl_mguard_pci4000_vpnMatch-
Node
phoenixcontactfl_mguard_pci4000_firmwareRange<8.9.3
phoenixcontactfl_mguard_pci4000Match-
Node
phoenixcontactfl_mguard_gt\/gt_vpn_firmwareRange<8.9.3
phoenixcontactfl_mguard_gt\/gt_vpnMatch-
Node
phoenixcontactfl_mguard_gt\/gt_firmwareRange<8.9.3
phoenixcontactfl_mguard_gt\/gtMatch-
Node
phoenixcontactfl_mguard_delta_tx\/tx_vpn_firmwareRange<8.9.3
phoenixcontactfl_mguard_delta_tx\/tx_vpnMatch-
Node
phoenixcontactfl_mguard_delta_tx\/tx_firmwareRange<8.9.3
phoenixcontactfl_mguard_delta_tx\/txMatch-
Node
phoenixcontactfl_mguard_core_tx_vpn_firmwareRange<8.9.3
phoenixcontactfl_mguard_core_tx_vpnMatch-
Node
phoenixcontactfl_mguard_core_tx_firmwareRange<8.9.3
phoenixcontactfl_mguard_core_txMatch-
Node
phoenixcontactfl_mguard_centerport_vpn-1000_firmwareRange<8.9.3
phoenixcontactfl_mguard_centerport_vpn-1000Match-
Node
phoenixcontactfl_mguard_4305_firmwareRange<10.4.1
phoenixcontactfl_mguard_4305Match-
Node
phoenixcontactfl_mguard_4302_firmwareRange<10.4.1
phoenixcontactfl_mguard_4302Match-
Node
phoenixcontactfl_mguard_4102_pcie_firmwareRange<10.4.1
phoenixcontactfl_mguard_4102_pcieMatch-
Node
phoenixcontactfl_mguard_4102_pci_firmwareRange<10.4.1
phoenixcontactfl_mguard_4102_pciMatch-
Node
phoenixcontactfl_mguard_2105_firmwareRange<10.4.1
phoenixcontactfl_mguard_2105Match-
Node
phoenixcontactfl_mguard_2102_firmwareRange<10.4.1
phoenixcontactfl_mguard_2102Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phoenixcontact | tc_mguard_rs4000_4g_vzw_vpn_firmware | * | cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:* |
| phoenixcontact | tc_mguard_rs4000_4g_vzw_vpn | - | cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn:-:*:*:*:*:*:*:* |
| phoenixcontact | tc_mguard_rs4000_4g_vpn_firmware | * | cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:* |
| phoenixcontact | tc_mguard_rs4000_4g_vpn | - | cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vpn:-:*:*:*:*:*:*:* |
| phoenixcontact | tc_mguard_rs4000_4g_att_vpn_firmware | * | cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:* |
| phoenixcontact | tc_mguard_rs4000_4g_att_vpn | - | cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_att_vpn:-:*:*:*:*:*:*:* |
| phoenixcontact | tc_mguard_rs4000_3g_vpn_firmware | * | cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:* |
| phoenixcontact | tc_mguard_rs4000_3g_vpn | - | cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_3g_vpn:-:*:*:*:*:*:*:* |
| phoenixcontact | tc_mguard_rs2000_4g_vzw_vpn_firmware | * | cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:* |
| phoenixcontact | tc_mguard_rs2000_4g_vzw_vpn | - | cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 2102",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 2105",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4102 PCI",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4102 PCIE",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4302",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4305",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD CENTERPORT VPN-1000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD CORE TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD CORE TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD DELTA TX/TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD DELTA TX/TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD GT/GT",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD GT/GT VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCI4000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCI4000 VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCIE4000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCIE4000 VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS2000 TX/TX-B",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS2000 TX/TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS2005 TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX-M",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX-P",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4004 TX/DTX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4004 TX/DTX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD SMART2",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD SMART2 VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 3G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 4G ATT VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 4G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 4G VZW VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 3G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 4G ATT VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 4G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 4G VZW VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]References
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
21.1%
Related for CVE-2024-43386