CVE-2024-7698 — MEDIUM (5.7)

Q: What is CVE-2024-7698?

CVE-2024-7698 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

Q: How severe is CVE-2024-7698?

CVE-2024-7698 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-7698?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn, Phoenixcontact Tc Mguard Rs4000 4G Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vpn, Phoenixcontact Tc Mguard Rs4000 4G Att Vpn Firmware.

Vulnerability Description

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Phoenixcontact	Tc Mguard Rs4000 4G Vzw Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 4G Vzw Vpn	-
Phoenixcontact	Tc Mguard Rs4000 4G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 4G Vpn	-
Phoenixcontact	Tc Mguard Rs4000 4G Att Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 4G Att Vpn	-
Phoenixcontact	Tc Mguard Rs4000 3G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs4000 3G Vpn	-
Phoenixcontact	Tc Mguard Rs2000 4G Vzw Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 4G Vzw Vpn	-
Phoenixcontact	Tc Mguard Rs2000 4G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 4G Vpn	-
Phoenixcontact	Tc Mguard Rs2000 4G Att Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 4G Att Vpn	-
Phoenixcontact	Tc Mguard Rs2000 3G Vpn Firmware	< 8.9.3
Phoenixcontact	Tc Mguard Rs2000 3G Vpn	-
Phoenixcontact	Fl Mguard Smart2 Vpn Firmware	< 8.9.3
Phoenixcontact	Fl Mguard Smart2 Vpn	-
Phoenixcontact	Fl Mguard Smart2 Firmware	< 8.9.3
Phoenixcontact	Fl Mguard Smart2	-

Related Weaknesses (CWE)

CWE-201

References

https://cert.vde.com/en/advisories/VDE-2024-039Third Party Advisory

FAQ

What is CVE-2024-7698?

CVE-2024-7698 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

How severe is CVE-2024-7698?

CVE-2024-7698 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-7698?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn, Phoenixcontact Tc Mguard Rs4000 4G Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vpn, Phoenixcontact Tc Mguard Rs4000 4G Att Vpn Firmware.