Low Privileged Remote Attacker Can Perform Configuration Changes Leading to DoS via OSPF_INTERFACE.SIMPLE_KEY and OSPF_INTERFACE.DIGEST_KEY
CVE-2024-43389

8.1HIGH

Key Information:

Vendor: Phoenix Contact
Status: Fl Mguard 2102; Fl Mguard 2105; Fl Mguard 4102 Pci; Fl Mguard 4102 Pcie
Vendor: CVE Published:; 10 September 2024

Summary

A vulnerability allows low privileged remote attackers to make unauthorized configuration changes to the OSPF service. By manipulating OSPF_INTERFACE.SIMPLE_KEY and OSPF_INTERFACE.DIGEST_KEY environment variables, attackers can disrupt the service, potentially leading to a Denial of Service (DoS) condition. This vulnerability poses significant risks for network stability and requires urgent attention to prevent exploitation.

Affected Version(s)

FL MGUARD 2102 0 < 10.4.1

FL MGUARD 2105 0 < 10.4.1

FL MGUARD 4102 PCI 0 < 10.4.1

References

https://cert.vde.com/en/advisories/VDE-2024-039

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 12, 2024

Credit

Andrea Palanca

Nozomi Networks Security Research Team