{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43386", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2024-08-12T08:30:16.359Z", "datePublished": "2024-09-10T08:43:41.392Z", "dateUpdated": "2024-09-10T14:25:13.169Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FL MGUARD 2102", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD 2105", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD 4102 PCI", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD 4102 PCIE", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD 4302", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD 4305", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD CENTERPORT VPN-1000", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD CORE TX", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD CORE TX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD DELTA TX/TX", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD DELTA TX/TX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD GT/GT", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD GT/GT VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD PCI4000", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD PCI4000 VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD PCIE4000", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD PCIE4000 VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS2000 TX/TX-B", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS2000 TX/TX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS2005 TX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4000 TX/TX", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4000 TX/TX-M", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4000 TX/TX-P", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4000 TX/TX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4004 TX/DTX", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4004 TX/DTX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD SMART2", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD SMART2 VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS2000 3G VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS2000 4G ATT VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS2000 4G VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS2000 4G VZW VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS4000 3G VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS4000 4G ATT VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS4000 4G VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS4000 4G VZW VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nozomi Networks Security Research Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in&nbsp;mGuard devices.</span><br>"}], "value": "A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in\u00a0mGuard devices."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2024-09-10T08:43:41.392Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2024-039"}], "source": {"advisory": "VDE-2024-039", "defect": ["CERT@VDE#641656"], "discovery": "UNKNOWN"}, "title": "Phoenix Contact: OS command execution through EMAIL_NOTIFICATION.TO in\u00a0mGuard devices.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "phoenixcontact", "product": "fl_mguard_smart2_vpn_firmware", "cpes": ["cpe:2.3:o:phoenixcontact:fl_mguard_centerport_vpn-1000_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx-b_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-p_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_smart2_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "8.9.3", "versionType": "semver"}]}, {"vendor": "phoenixcontact", "product": "fl_mguard_4305_firmware", "cpes": ["cpe:2.3:o:phoenixcontact:fl_mguard_2102_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_2105_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_4102_pcie_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_4102_pci_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_4302_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_4305_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "10.4.1", "versionType": "semver"}]}, {"vendor": "phoenixcontact", "product": "tc_mguard_rs4000_4g_vzw_vpn_firmware", "cpes": ["cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "8.9.3", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T14:25:00.255471Z", "id": "CVE-2024-43386", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T14:25:13.169Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43386", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-10T14:25:00.255471Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:phoenixcontact:fl_mguard_centerport_vpn-1000_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx-b_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-p_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_smart2_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*"], "vendor": "phoenixcontact", "product": "fl_mguard_smart2_vpn_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:phoenixcontact:fl_mguard_2102_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_2105_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_4102_pcie_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_4102_pci_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_4302_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:fl_mguard_4305_firmware:*:*:*:*:*:*:*:*"], "vendor": "phoenixcontact", "product": "fl_mguard_4305_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "10.4.1", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*"], "vendor": "phoenixcontact", "product": "tc_mguard_rs4000_4g_vzw_vpn_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-10T14:23:52.153Z"}}], "cna": {"title": "Phoenix Contact: OS command execution through EMAIL_NOTIFICATION.TO in\u00a0mGuard devices.", "source": {"defect": ["CERT@VDE#641656"], "advisory": "VDE-2024-039", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nozomi Networks Security Research Team"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PHOENIX CONTACT", "product": "FL MGUARD 2102", "versions": [{"status": "affected", "version": "0", "lessThan": "10.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD 2105", "versions": [{"status": "affected", "version": "0", "lessThan": "10.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD 4102 PCI", "versions": [{"status": "affected", "version": "0", "lessThan": "10.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD 4102 PCIE", "versions": [{"status": "affected", "version": "0", "lessThan": "10.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD 4302", "versions": [{"status": "affected", "version": "0", "lessThan": "10.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD 4305", "versions": [{"status": "affected", "version": "0", "lessThan": "10.4.1", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD CENTERPORT VPN-1000", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD CORE TX", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD CORE TX VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD DELTA TX/TX", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD DELTA TX/TX VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD GT/GT", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD GT/GT VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD PCI4000", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD PCI4000 VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD PCIE4000", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD PCIE4000 VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD RS2000 TX/TX-B", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD RS2000 TX/TX VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD RS2005 TX VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD RS4000 TX/TX", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD RS4000 TX/TX-M", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD RS4000 TX/TX-P", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD RS4000 TX/TX VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD RS4004 TX/DTX", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD RS4004 TX/DTX VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD SMART2", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "FL MGUARD SMART2 VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "TC MGUARD RS2000 3G VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "TC MGUARD RS2000 4G ATT VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "TC MGUARD RS2000 4G VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "TC MGUARD RS2000 4G VZW VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "TC MGUARD RS4000 3G VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "TC MGUARD RS4000 4G ATT VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "TC MGUARD RS4000 4G VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "PHOENIX CONTACT", "product": "TC MGUARD RS4000 4G VZW VPN", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2024-039"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in\u00a0mGuard devices.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in&nbsp;mGuard devices.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2024-09-10T08:43:41.392Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43386", "state": "PUBLISHED", "dateUpdated": "2024-09-10T14:25:13.169Z", "dateReserved": "2024-08-12T08:30:16.359Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2024-09-10T08:43:41.392Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD02CC05-860D-442A-B973-643B51E13613", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D624EC2-7CEE-4ADC-A1D2-B0688AE23873", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0702823F-52B6-40D3-B598-AA6F8745DB85", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "0910CB6C-8716-4A79-B43C-EB02B22AB632", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDEE0407-9473-4810-BC8D-F9AC44C69219", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_att_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA0DA3D1-0599-4364-AF1A-2DAD50382A15", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "053DB989-17D5-49E1-BF0A-814F80D0FF62", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_3g_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8861227-5A7F-49CA-B0E6-5806C746B5B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DB61681-FE91-4EA7-A431-446579A511C1", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FD37990-FF75-4323-A8B1-7BEF9A0001D7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "234CD8A4-BA72-47A5-8BAF-B449315A2202", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "56CE797B-2D4B-41CC-888E-467F64BDB19C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "428076C7-97EC-47C9-B409-C1C9379A6E29", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_att_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "40F4219D-1822-471E-88C0-7B6F5FB56A00", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D64F7DC-B719-46CF-8D6D-0E9CE24E5F31", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_3g_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F287F24-13AD-4628-B724-E58A9F44E48B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "74CBDC4F-31FE-430A-BD2B-95985E2B8959", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_smart2_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "37A2DC0B-6B50-4E38-9585-B131DBCB9F51", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_smart2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E3AAE8C-4A1C-4DA7-B710-F1458E9E472E", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_smart2:-:*:*:*:*:*:*:*", "matchCriteriaId": "50690731-FA99-45B3-AF4C-C1DAD881CAEE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF284D31-EA9B-48F3-A261-78672D3A8BF3", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E62C758-015E-4178-BA37-D463F95BD468", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E7D20EC-CBAA-48C2-91A9-7964A64C5F51", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_rs4004_tx\\/dtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA35CCC1-2FE0-4FA7-A360-C2F9849476B0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC86EA88-023D-477B-9138-6F16DC173EB0", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\\/tx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "1726B1D9-3CAF-4C11-BB25-C7677B2CEE33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CADDBA01-FB75-4B02-B100-28E7BE105C80", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\\/tx-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F88246FF-5453-4473-992B-AEEFE88ED41D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "732BF960-A8C6-4BF3-B58E-A142D1349560", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\\/tx-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A87B204-19D0-4E12-B462-EB4BB25D196E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BA76759-0346-4978-B865-4C11D733A381", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\\/tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EEEC9DE-5CF5-4596-B64C-6CAA32110FA1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DDAE7BE-54B1-472F-80D6-A5B3BC4F9035", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_rs2005_tx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9887CEB-57EA-49A0-9CFD-910DAFE4A09D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F1794B6-B631-488C-B7DC-7D3E79C0D9CA", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_rs2000_tx\\/tx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "3051DBA5-8D2B-4630-8FA7-602AC7CB4576", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx-b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABBD929B-2E97-48F6-835E-9B217C846DE8", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_rs2000_tx\\/tx-b:-:*:*:*:*:*:*:*", "matchCriteriaId": "428D6C77-0592-4031-933E-2CFE0AB58BA7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD719D49-5D66-4E3F-896C-97D0BCF0C2C6", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_pcie4000_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A698B47-3DF4-4FAB-9AA6-425FF823F303", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4A8A58D-90BC-4E6B-9CAD-7B8A72ACE990", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_pcie4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADB6EF67-BB61-4661-977B-A4968641E9BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8775CE8-282C-498C-9EA2-542338025F1B", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_pci4000_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FFEEEAD-22B2-49FC-8B2B-583D9DFFB291", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B608EB3-6BA1-4D4F-B3E4-31B984CD0B0F", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_pci4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "24EB7394-6BE3-44F4-A184-BA438200F532", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72335756-555D-413F-955B-02F57C6B8C01", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_gt\\/gt_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C3B0286-BD27-4032-B4FF-0A7481356039", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CF8B1A6-81B0-4A50-A340-2BA68922F614", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_gt\\/gt:-:*:*:*:*:*:*:*", "matchCriteriaId": "12FBC961-F834-4334-948A-9FC9E613301D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAC710BB-60A5-4F43-AEF3-4BFCA13846F5", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_delta_tx\\/tx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA9CB765-BEE4-4318-ADBD-EE241CA9FA31", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E28ED34B-2510-48B6-A2A8-55EB0937ABCE", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_delta_tx\\/tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FBF005C-9157-49E2-820F-C75B3828EDA1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "050BE7DC-F22E-4022-A113-8A951170617A", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_core_tx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "577E14AD-C198-4E8B-AC31-FF89F3EB97C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A091DE68-F0CE-480D-BD5E-90BD582ED1AE", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_core_tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B549B2C1-42A9-4D05-B32D-6E08A2BECBEF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_centerport_vpn-1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "29581AAB-05BC-43F2-9527-1377413529E4", "versionEndExcluding": "8.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_centerport_vpn-1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "20459672-988A-403E-9073-37F3B38F972E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_4305_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "65B7E551-0057-48E6-AEA8-33588AA4C54C", "versionEndExcluding": "10.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_4305:-:*:*:*:*:*:*:*", "matchCriteriaId": "31D36718-F7F5-40E4-9A01-58475943AB8E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_4302_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "16F72A3C-1E6A-4642-94C4-C2EA14C67A31", "versionEndExcluding": "10.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_4302:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C68D03F-E473-4F34-85FA-F7C81859E976", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_4102_pcie_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "73C34979-43F9-4D09-B8DD-64B741247AE5", "versionEndExcluding": "10.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_4102_pcie:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADCA6B7B-1420-4B75-8AF1-245C48A0809C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_4102_pci_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72C5CD24-7FB6-4482-A9C6-22B35B3DFE47", "versionEndExcluding": "10.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_4102_pci:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF36E8F0-08B9-46B2-B5E1-E207C70A0447", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_2105_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEA88A13-7425-4EDB-89EC-BC68E6985FFA", "versionEndExcluding": "10.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_2105:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5DF8E58-5E12-4214-B659-5FC6CEB18879", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_mguard_2102_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAC77981-EC77-4273-AAAA-0D715F6C75C6", "versionEndExcluding": "10.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_mguard_2102:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E3DCBF6-F308-4B53-A3CA-5A799A82F579", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in\u00a0mGuard devices."}, {"lang": "es", "value": "Un atacante remoto con pocos privilegios puede desencadenar la ejecuci\u00f3n de comandos arbitrarios del sistema operativo como superusuario debido a la neutralizaci\u00f3n incorrecta de elementos especiales en la variable EMAIL_NOTIFICATION.TO en los dispositivos mGuard."}], "id": "CVE-2024-43386", "lastModified": "2024-09-27T19:33:22.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2024-09-10T09:15:04.400", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2024-039"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "info@cert.vde.com", "type": "Secondary"}]}

{}