VDE-2022-014

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2022-04-12 06:00 - Updated: 2025-05-22 13:03
Summary
PHOENIX CONTACT: mGuard Device Manager affected by HTTP Request Smuggling of Apache Webserver
Notes
Summary: Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. For the mGuard Device Manager only the mdm Installer for Windows is affected.
Impact: Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles ('ATV profiles'). Such configuration profiles may contain sensitive information, e.g., private keys associated with IPsec VPN connections.
Mitigation: This vulnerability is exploitable only if the ConfigPull functionality is used and config files are stored unencrypted. As a best practice and mitigation measure, we recommend storing configuration files encrypted with the device specific public key of the mGuard appliances.
Remediation: PHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.
CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Mitigation This vulnerability is exploitable only if the ConfigPull functionality is used and config files are stored unencrypted. As a best practice and mitigation measure, we recommend storing configuration files encrypted with the device specific public key of the mGuard appliances.
Vendor Fix PHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.
References
Acknowledgments
CERT@VDE
James Kettle
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      },
      {
        "organization": "James Kettle",
        "summary": "discovering."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.\nFor the mGuard Device Manager only the mdm Installer for Windows is affected.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (\u0027ATV profiles\u0027). Such configuration profiles may contain sensitive information, e.g., private keys associated with IPsec VPN connections.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "This vulnerability is exploitable only if the ConfigPull functionality is used and config files are stored unencrypted. As a best practice and mitigation measure, we recommend storing configuration files encrypted with the device specific public key of the mGuard appliances.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "PHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "PHOENIX CONTACT PSIRT ",
        "url": "https://phoenixcontact.com/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-014: PHOENIX CONTACT: mGuard Device Manager affected by HTTP Request Smuggling of Apache Webserver - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2022-014/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-014: PHOENIX CONTACT: mGuard Device Manager affected by HTTP Request Smuggling of Apache Webserver - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-014.json"
      }
    ],
    "title": "PHOENIX CONTACT: mGuard Device Manager affected by HTTP Request Smuggling of Apache Webserver",
    "tracking": {
      "aliases": [
        "VDE-2022-014"
      ],
      "current_release_date": "2025-05-22T13:03:10.000Z",
      "generator": {
        "date": "2025-03-31T07:41:03.598Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.22"
        }
      },
      "id": "VDE-2022-014",
      "initial_release_date": "2022-04-12T06:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-04-12T06:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-22T13:03:10.000Z",
          "number": "2",
          "summary": "Fix: added distribution, quotation mark"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "FL MGUARD DM UNLIMITED",
                "product": {
                  "name": "FL MGUARD DM UNLIMITED",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2981974"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.13.0.1",
                "product": {
                  "name": "Firmware \u003c=1.13.0.1",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "1.13.0.2",
                "product": {
                  "name": "Firmware 1.13.0.2",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "PHOENIX CONTACT"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.13.0.1 installed on FL MGUARD DM UNLIMITED",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.13.0.2 installed on FL MGUARD DM UNLIMITED",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-22720",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "This vulnerability is exploitable only if the ConfigPull functionality is used and config files are stored unencrypted. As a best practice and mitigation measure, we recommend storing configuration files encrypted with the device specific public key of the mGuard appliances.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "PHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "CVE-2022-22720"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.