CVE-2024-43387

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
10/09/2024
Last modified:
27/09/2024

Description

A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:* 8.9.3 (excluding)
cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:* 8.9.3 (excluding)
cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:* 8.9.3 (excluding)
cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_att_vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:* 8.9.3 (excluding)
cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_3g_vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:* 8.9.3 (excluding)
cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:* 8.9.3 (excluding)
cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware:*:*:*:*:*:*:*:* 8.9.3 (excluding)
cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_att_vpn:-:*:*:*:*:*:*:*
cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:* 8.9.3 (excluding)


References to Advisories, Solutions, and Tools