Low Privilege Attacker Can Conduct Configuration Changes Leading to Denial of Service
CVE-2024-43391
8.1HIGH
Key Information
- Vendor
- Phoenix Contact
- Status
- Fl Mguard 2102
- Fl Mguard 2105
- Fl Mguard 4102 Pci
- Fl Mguard 4102 Pcie
- Vendor
- CVE Published:
- 10 September 2024
Summary
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS.
Affected Version(s)
FL MGUARD 2102 < 10.4.1
FL MGUARD 2105 < 10.4.1
FL MGUARD 4102 PCI < 10.4.1
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Andrea Palanca
Nozomi Networks Security Research Team