Low Privilege Attackers Can Cause Denial of Service Through Configuration Changes

CVE-2024-43392
8.1HIGH

Key Information

Vendor
Phoenix Contact
Status
Fl Mguard 2102
Fl Mguard 2105
Fl Mguard 4102 Pci
Fl Mguard 4102 Pcie
Vendor
CVE Published:
10 September 2024

Summary

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS.

Affected Version(s)

FL MGUARD 2102 < 10.4.1

FL MGUARD 2105 < 10.4.1

FL MGUARD 4102 PCI < 10.4.1

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Andrea Palanca
Nozomi Networks Security Research Team
.