// For flags

CVE-2024-43390

Phoenix Contact: Firewall reconfiguration due to improper input validation in MGUARD devices

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS.

*Credits: Andrea Palanca, Nozomi Networks Security Research Team
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-08-12 CVE Reserved
  • 2024-09-10 CVE Published
  • 2024-09-28 EPSS Updated
  • 2024-10-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD 2102
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 2102"
< 10.4.1
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 2102" and version " < 10.4.1"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD 2105
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 2105"
< 10.4.1
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 2105" and version " < 10.4.1"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD 4102 PCI
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 4102 PCI"
< 10.4.1
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 4102 PCI" and version " < 10.4.1"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD 4102 PCIE
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 4102 PCIE"
< 10.4.1
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 4102 PCIE" and version " < 10.4.1"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD 4302
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 4302"
< 10.4.1
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 4302" and version " < 10.4.1"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD 4305
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 4305"
< 10.4.1
Search vendor "PHOENIX CONTACT" for product "FL MGUARD 4305" and version " < 10.4.1"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD CENTERPORT VPN-1000
Search vendor "PHOENIX CONTACT" for product "FL MGUARD CENTERPORT VPN-1000"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD CENTERPORT VPN-1000" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD CORE TX
Search vendor "PHOENIX CONTACT" for product "FL MGUARD CORE TX"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD CORE TX" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD CORE TX VPN
Search vendor "PHOENIX CONTACT" for product "FL MGUARD CORE TX VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD CORE TX VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD DELTA TX/TX
Search vendor "PHOENIX CONTACT" for product "FL MGUARD DELTA TX/TX"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD DELTA TX/TX" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD DELTA TX/TX VPN
Search vendor "PHOENIX CONTACT" for product "FL MGUARD DELTA TX/TX VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD DELTA TX/TX VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD GT/GT
Search vendor "PHOENIX CONTACT" for product "FL MGUARD GT/GT"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD GT/GT" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD GT/GT VPN
Search vendor "PHOENIX CONTACT" for product "FL MGUARD GT/GT VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD GT/GT VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD PCI4000
Search vendor "PHOENIX CONTACT" for product "FL MGUARD PCI4000"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD PCI4000" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD PCI4000 VPN
Search vendor "PHOENIX CONTACT" for product "FL MGUARD PCI4000 VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD PCI4000 VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD PCIE4000
Search vendor "PHOENIX CONTACT" for product "FL MGUARD PCIE4000"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD PCIE4000" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD PCIE4000 VPN
Search vendor "PHOENIX CONTACT" for product "FL MGUARD PCIE4000 VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD PCIE4000 VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD RS2000 TX/TX-B
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS2000 TX/TX-B"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS2000 TX/TX-B" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD RS2000 TX/TX VPN
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS2000 TX/TX VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS2000 TX/TX VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD RS2005 TX VPN
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS2005 TX VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS2005 TX VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD RS4000 TX/TX
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4000 TX/TX"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4000 TX/TX" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD RS4000 TX/TX-M
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4000 TX/TX-M"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4000 TX/TX-M" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD RS4000 TX/TX-P
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4000 TX/TX-P"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4000 TX/TX-P" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD RS4000 TX/TX VPN
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4000 TX/TX VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4000 TX/TX VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD RS4004 TX/DTX
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4004 TX/DTX"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4004 TX/DTX" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD RS4004 TX/DTX VPN
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4004 TX/DTX VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD RS4004 TX/DTX VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD SMART2
Search vendor "PHOENIX CONTACT" for product "FL MGUARD SMART2"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD SMART2" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
FL MGUARD SMART2 VPN
Search vendor "PHOENIX CONTACT" for product "FL MGUARD SMART2 VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "FL MGUARD SMART2 VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
TC MGUARD RS2000 3G VPN
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS2000 3G VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS2000 3G VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
TC MGUARD RS2000 4G ATT VPN
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS2000 4G ATT VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS2000 4G ATT VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
TC MGUARD RS2000 4G VPN
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS2000 4G VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS2000 4G VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
TC MGUARD RS2000 4G VZW VPN
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS2000 4G VZW VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS2000 4G VZW VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
TC MGUARD RS4000 3G VPN
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS4000 3G VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS4000 3G VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
TC MGUARD RS4000 4G ATT VPN
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS4000 4G ATT VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS4000 4G ATT VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
TC MGUARD RS4000 4G VPN
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS4000 4G VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS4000 4G VPN" and version " < 8.9.3"
en
Affected
PHOENIX CONTACT
Search vendor "PHOENIX CONTACT"
TC MGUARD RS4000 4G VZW VPN
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS4000 4G VZW VPN"
< 8.9.3
Search vendor "PHOENIX CONTACT" for product "TC MGUARD RS4000 4G VZW VPN" and version " < 8.9.3"
en
Affected