Low Privilege Attackers Can Cause Denial of Service Through Configuration Changes

CVE-2024-43392

8.1HIGH

Key Information

Vendor: Phoenix Contact
Status: Fl Mguard 2102; Fl Mguard 2105; Fl Mguard 4102 Pci; Fl Mguard 4102 Pcie
Vendor: CVE Published:; 10 September 2024

Summary

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS.

Affected Version(s)

FL MGUARD 2102 < 10.4.1

FL MGUARD 2105 < 10.4.1

FL MGUARD 4102 PCI < 10.4.1

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 10, 2024
Vulnerability Reserved.
Aug 12, 2024

Collectors

NVD DatabaseMitre Database

Credit

Andrea Palanca

Nozomi Networks Security Research Team