CVE-2024-43393

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

Published: Sep 10, 2024 / Updated: 2mo ago

CVSS 8.1 / EPSS 0.04% / High

Summary

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT, through the FW_INCOMING.FROM_IP, FW_INCOMING.IN_IP, FW_OUTGOING.FROM_IP, FW_OUTGOING.IN_IP, FW_RULESETS.FROM_IP and FW_RULESETS.IN_IP environment variables, which can lead to a DoS.

Impact

This vulnerability allows a remote attacker with low privileges to modify firewall configurations, potentially leading to a Denial of Service (DoS). The attacker could manipulate packet filtering, forwarding, network access control, or NAT settings, severely disrupting network operations and security. This could result in unauthorized access, network instability, or complete loss of network functionality.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. The vulnerability affects multiple Phoenix Contact mGuard firewall firmware versions. For most affected products, the vulnerability is patched in versions 8.9.3 and later. For FL mGuard 4305, 4302, 4102 PCIe, 4102 PCI, 2105, and 2102 firmware, the patch is available in versions 10.4.1 and later.

Mitigation

1. Update all affected Phoenix Contact mGuard firewall firmware to the latest patched version (8.9.3 or 10.4.1, depending on the specific product).
2. If immediate patching is not possible, implement strict access controls to limit who can interact with the firewall's configuration interface.
3. Monitor firewall logs and configuration changes closely for any suspicious activity.
4. Implement network segmentation to minimize the potential impact if a firewall is compromised.
5. Use intrusion detection/prevention systems (IDS/IPS) to detect and block potential exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-43393.

Sep 10, 2024 at 9:01 AM / Vulners.com RSS Feed

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 10, 2024 at 9:01 AM

CVE Assignment

NVD published the first details for CVE-2024-43393

Sep 10, 2024 at 9:15 AM

CVSS

A CVSS base score of 6.5 has been assigned.

Sep 10, 2024 at 9:20 AM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 14.1%)

Sep 11, 2024 at 11:04 AM

CVSS

A CVSS base score of 8.1 has been assigned.

Sep 27, 2024 at 7:40 PM / nvd

Affected Systems

Phoenixcontact/fl_mguard_gt\/gt_firmware

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

News

CVE-2024-43393
Medium Severity Description A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS. Read more at https://www.tenable.com/cve/CVE-2024-43393
Medium - CVE-2024-43393 - A low privileged remote attacker can perform...
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the...
Phoenix Contact: Configuration changes of the firewall services can lead to DoS in MGUARD devices
Phoenix Contact - MEDIUM - CVE-2024-43393 A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS.
CVE-2024-43393 - Fortinet Firewall Elevated Configuration Change Vulnerability
CVE ID : CVE-2024-43393 Published : Sept. 10, 2024, 9:15 a.m. 21 minutes ago Description : A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS. Severity: 6.5 MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-43393 | Phoenix Contact FL MGUARD 2102 Environment Variable injection (VDE-2024-039)
A vulnerability, which was classified as critical, was found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN. Affected is an unknown function of the component Environment Variable Handler. The manipulation of the argument FW_INCOMING.FROM_IP/FW_INCOMING.IN_IP/FW_OUTGOING.FROM_IP/FW_OUTGOING.IN_IP/FW_RULESETS.FROM_IP/FW_RULESETS.IN_IP leads to injection. This vulnerability is traded as CVE-2024-43393. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability Impact: High
