Lucene search

CERTVDECVELIST:CVE-2020-12523

HistoryDec 17, 2020 - 12:00 a.m.

CVE-2020-12523 Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration

2020-12-1700:00:00

CWE-909

CERTVDE

www.cve.org

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource

CNA Affected

[
  {
    "product": "TC MGUARD RS4000 4G VZW VPN (1010461)",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "8.8.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TC MGUARD RS4000 4G ATT VPN (1010463)",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "8.8.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "FL MGUARD RS4004 TX/DTX (2701876)",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "8.8.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "FL MGUARD RS4004 TX/DTX VPN (2701877)",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "8.8.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TC MGUARD RS4000 3G VPN (2903440)",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "8.8.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TC MGUARD RS4000 4G VPN (2903586)",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "8.8.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Innominate mGuard rs4000 4TX/TX",
    "vendor": "Innominate",
    "versions": [
      {
        "lessThan": "8.8.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Innominate mGuard rs4000 4TX/TX VPN",
    "vendor": "Innominate",
    "versions": [
      {
        "lessThan": "8.8.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Innominate mGuard rs4000 4TX/3G/TX VPN",
    "vendor": "Innominate",
    "versions": [
      {
        "lessThan": "8.8.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.vde.com/en-us/advisories/vde-2020-046

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for CVELIST:CVE-2020-12523