VDE-2019-020
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2019-10-29 10:56 - Updated: 2025-05-22 13:03Summary
PHOENIX CONTACT: improper access control exists on FL NAT devices when using MAC-based port security
Notes
Summary: If MAC-based port security or 802.1x port security is enabled, the FL NAT 2xxx will unintentionally grant access to unauthorized devices in case of routed transmission.
'''
Subnet 2---(Ports belonging to subnet 2)
|
FL NAT 2xxx
|
(Ports belonging to subnet 1, port sec ON)---- 2nd device
|
-- unauthorized device
'''
The unauthorized device can access other devices in subnet 2 but cannot access the 2nd device in subnet 1.
Impact: If port security is enabled on a port, a device not authorized by MAC based port security or 802.1x based port security can access another subnet via the FL NAT 2xxx device that is routing between the subnet the unauthorized device is residing in and the 2nd subnet.
Mitigation: User should take care that network security is not relying solely on separating subnets with MAC or 802.1x based port security if the FL NAT 2xxx device is serving as a router between the subnets.
Remediation: This vulnerability will be fixed with the next firmware release V2.90, which will be available Q02/2020.
General Recommendation: If traps/logs/syslog for unauthorized access are enabled, notifications about the unauthorized access will be sent.
If MAC-based port security or 802.1x port security is enabled, the FL NAT 2xxx will unintentionally grant access to unauthorized devices in case of routed transmission.
8.2 (High)
Mitigation
User should take care that network security is not relying solely on separating subnets with MAC or 802.1x based port security if the FL NAT 2xxx device is serving as a router between the subnets.
Vendor Fix
This vulnerability will be fixed with the next firmware release V2.90, which will be available Q02/2020.
References
Acknowledgments
CERT@VDE
certvde.com
PHOENIX CONTACT
www.phoenixcontact.com/psirt
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "PHOENIX CONTACT",
"summary": "reporting",
"urls": [
"https://www.phoenixcontact.com/psirt"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "If MAC-based port security or 802.1x port security is enabled, the FL NAT 2xxx will unintentionally grant access to unauthorized devices in case of routed transmission.\n\u0027\u0027\u0027\nSubnet 2---(Ports belonging to subnet 2)\n |\n FL NAT 2xxx\n |\n (Ports belonging to subnet 1, port sec ON)---- 2nd device\n |\n -- unauthorized device\n\n\u0027\u0027\u0027\nThe unauthorized device can access other devices in subnet 2 but cannot access the 2nd device in subnet 1.",
"title": "Summary"
},
{
"category": "description",
"text": "If port security is enabled on a port, a device not authorized by MAC based port security or 802.1x based port security can access another subnet via the FL NAT 2xxx device that is routing between the subnet the unauthorized device is residing in and the 2nd subnet.",
"title": "Impact"
},
{
"category": "description",
"text": "User should take care that network security is not relying solely on separating subnets with MAC or 802.1x based port security if the FL NAT 2xxx device is serving as a router between the subnets.\n\n",
"title": "Mitigation"
},
{
"category": "description",
"text": "This vulnerability will be fixed with the next firmware release V2.90, which will be available Q02/2020.",
"title": "Remediation"
},
{
"category": "general",
"text": "If traps/logs/syslog for unauthorized access are enabled, notifications about the unauthorized access will be sent.",
"title": "General Recommendation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2019-020: PHOENIX CONTACT: improper access control exists on FL NAT devices when using MAC-based port security - HTML",
"url": "https://certvde.com/en/advisories/VDE-2019-020"
},
{
"category": "self",
"summary": "VDE-2019-020: PHOENIX CONTACT: improper access control exists on FL NAT devices when using MAC-based port security - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-020.json"
}
],
"title": "PHOENIX CONTACT: improper access control exists on FL NAT devices when using MAC-based port security",
"tracking": {
"aliases": [
"VDE-2019-020"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2024-08-01T11:47:40.444Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.9"
}
},
"id": "VDE-2019-020",
"initial_release_date": "2019-10-29T10:56:00.000Z",
"revision_history": [
{
"date": "2019-10-29T10:56:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: correct certvde domain, added alias, added self-reference"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "3",
"summary": "Fix: version space, added distribution, quotation mark"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "2208",
"product": {
"name": "FL NAT 2208",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"2702882"
]
}
}
},
{
"category": "product_name",
"name": "2304-2GC-2SFP",
"product": {
"name": "FL NAT 2304-2GC-2SFP",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2702981"
]
}
}
}
],
"category": "product_family",
"name": "FL NAT"
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.90",
"product": {
"name": "Firmware \u003c2.90",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2.90",
"product": {
"name": "Firmware 2.90",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.90 installed on FL NAT 2208",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.90 installed on FL NAT 2304-2GC-2SFP",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.90 installed on FL NAT 2208",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.90 installed on FL NAT 2304-2GC-2SFP",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-18352",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "If MAC-based port security or 802.1x port security is enabled, the FL NAT 2xxx will unintentionally grant access to unauthorized devices in case of routed transmission.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "User should take care that network security is not relying solely on separating subnets with MAC or 802.1x based port security if the FL NAT 2xxx device is serving as a router between the subnets.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"date": "2020-04-01T10:00:00.000Z",
"details": "This vulnerability will be fixed with the next firmware release V2.90, which will be available Q02/2020.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2019-18352"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…