CVE-2024-43386 — HIGH (8.8)

Q: What is CVE-2024-43386?

CVE-2024-43386 is a vulnerability with a CVSS score of 8.8 (HIGH). A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.

Q: How severe is CVE-2024-43386?

CVE-2024-43386 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-43386?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn, Phoenixcontact Tc Mguard Rs4000 4G Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vpn, Phoenixcontact Tc Mguard Rs4000 4G Att Vpn Firmware.

Vulnerability Description

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Phoenixcontact	Tc Mguard Rs4000 4G Vzw Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 4G Vzw Vpn	-
Phoenixcontact	Tc Mguard Rs4000 4G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 4G Vpn	-
Phoenixcontact	Tc Mguard Rs4000 4G Att Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 4G Att Vpn	-
Phoenixcontact	Tc Mguard Rs4000 3G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 3G Vpn	-
Phoenixcontact	Tc Mguard Rs2000 4G Vzw Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 4G Vzw Vpn	-
Phoenixcontact	Tc Mguard Rs2000 4G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 4G Vpn	-
Phoenixcontact	Tc Mguard Rs2000 4G Att Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 4G Att Vpn	-
Phoenixcontact	Tc Mguard Rs2000 3G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 3G Vpn	-
Phoenixcontact	Fl Mguard Smart2 Vpn Firmware	< 8.9.3
Phoenixcontact	Fl Mguard Smart2 Vpn	-
Phoenixcontact	Fl Mguard Smart2 Firmware	< 8.9.3
Phoenixcontact	Fl Mguard Smart2	-

Related Weaknesses (CWE)

CWE-78

References

https://cert.vde.com/en/advisories/VDE-2024-039Third Party Advisory

FAQ

What is CVE-2024-43386?

CVE-2024-43386 is a vulnerability with a CVSS score of 8.8 (HIGH). A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.

How severe is CVE-2024-43386?

CVE-2024-43386 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-43386?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn, Phoenixcontact Tc Mguard Rs4000 4G Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vpn, Phoenixcontact Tc Mguard Rs4000 4G Att Vpn Firmware.