github - ghsa-r53h-jp5f-7qxm

ghsa-r53h-jp5f-7qxm

Vulnerability from github

Published

2024-09-10 09:31

Modified

2024-09-10 09:31

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-43385"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T09:15:04Z",
    "severity": "HIGH"
  },
  "details": "A low privileged remote attacker can trigger the\u00a0execution of arbitrary OS commands as root due to improper neutralization of special elements in\u00a0the variable PROXY_HTTP_PORT in\u00a0mGuard devices.",
  "id": "GHSA-r53h-jp5f-7qxm",
  "modified": "2024-09-10T09:31:12Z",
  "published": "2024-09-10T09:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43385"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2024-039"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-43385 (GCVE-0-2024-43385)

Vulnerability from cvelistv5

Published

2024-09-10 08:43

Modified

2024-09-10 14:25

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - :Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Summary

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.

References

URL

Tags

https://cert.vde.com/en/advisories/VDE-2024-039

Impacted products

Vendor

Product

Version

PHOENIX CONTACT

FL MGUARD 2102

Version: 0 ≤

PHOENIX CONTACT	FL MGUARD 2105	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD 4102 PCI	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD 4102 PCIE	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD 4302	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD 4305	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD CENTERPORT VPN-1000	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD CORE TX	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD CORE TX VPN	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD DELTA TX/TX	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD DELTA TX/TX VPN	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD GT/GT	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD GT/GT VPN	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD PCI4000	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD PCI4000 VPN	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD PCIE4000	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD PCIE4000 VPN	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD RS2000 TX/TX-B	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD RS2000 TX/TX VPN	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD RS2005 TX VPN	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD RS4000 TX/TX	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD RS4000 TX/TX-M	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD RS4000 TX/TX-P	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD RS4000 TX/TX VPN	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD RS4004 TX/DTX	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD RS4004 TX/DTX VPN	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD SMART2	Version: 0 ≤
PHOENIX CONTACT	FL MGUARD SMART2 VPN	Version: 0 ≤
PHOENIX CONTACT	TC MGUARD RS2000 3G VPN	Version: 0 ≤
PHOENIX CONTACT	TC MGUARD RS2000 4G ATT VPN	Version: 0 ≤
PHOENIX CONTACT	TC MGUARD RS2000 4G VPN	Version: 0 ≤
PHOENIX CONTACT	TC MGUARD RS2000 4G VZW VPN	Version: 0 ≤
PHOENIX CONTACT	TC MGUARD RS4000 3G VPN	Version: 0 ≤
PHOENIX CONTACT	TC MGUARD RS4000 4G ATT VPN	Version: 0 ≤
PHOENIX CONTACT	TC MGUARD RS4000 4G VPN	Version: 0 ≤
PHOENIX CONTACT	TC MGUARD RS4000 4G VZW VPN	Version: 0 ≤

Show details on NVD website