CVE-2024-43391 — HIGH (8.1)

Q: How severe is CVE-2024-43391?

CVE-2024-43391 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-43391?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn, Phoenixcontact Tc Mguard Rs4000 4G Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vpn, Phoenixcontact Tc Mguard Rs4000 4G Att Vpn Firmware.

Vulnerability Description

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Phoenixcontact	Tc Mguard Rs4000 4G Vzw Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 4G Vzw Vpn	-
Phoenixcontact	Tc Mguard Rs4000 4G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 4G Vpn	-
Phoenixcontact	Tc Mguard Rs4000 4G Att Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 4G Att Vpn	-
Phoenixcontact	Tc Mguard Rs4000 3G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 3G Vpn	-
Phoenixcontact	Tc Mguard Rs2000 4G Vzw Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 4G Vzw Vpn	-
Phoenixcontact	Tc Mguard Rs2000 4G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 4G Vpn	-
Phoenixcontact	Tc Mguard Rs2000 4G Att Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 4G Att Vpn	-
Phoenixcontact	Tc Mguard Rs2000 3G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 3G Vpn	-
Phoenixcontact	Fl Mguard Smart2 Vpn Firmware	< 8.9.3
Phoenixcontact	Fl Mguard Smart2 Vpn	-
Phoenixcontact	Fl Mguard Smart2 Firmware	< 8.9.3
Phoenixcontact	Fl Mguard Smart2	-

Related Weaknesses (CWE)

CWE-94

References

https://cert.vde.com/en/advisories/VDE-2024-039Third Party Advisory

FAQ

What is CVE-2024-43391?

CVE-2024-43391 is a vulnerability with a CVSS score of 8.1 (HIGH). A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC...

How severe is CVE-2024-43391?

CVE-2024-43391 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-43391?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn, Phoenixcontact Tc Mguard Rs4000 4G Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vpn, Phoenixcontact Tc Mguard Rs4000 4G Att Vpn Firmware.