ГлавнаяУязвимости → CVE-2024-43386
8.8высокая

CVE-2024-43386

Описание

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.

Затрагиваемое ПО
Phoenixcontact Tc mguard rs4000 4g vzw vpn firmwarePhoenixcontact Tc mguard rs4000 4g vzw vpnPhoenixcontact Tc mguard rs4000 4g vpn firmwarePhoenixcontact Tc mguard rs4000 4g vpnPhoenixcontact Tc mguard rs4000 4g att vpn firmwarePhoenixcontact Tc mguard rs4000 4g att vpnPhoenixcontact Tc mguard rs4000 3g vpn firmwarePhoenixcontact Tc mguard rs4000 3g vpnPhoenixcontact Tc mguard rs2000 4g vzw vpn firmwarePhoenixcontact Tc mguard rs2000 4g vzw vpnPhoenixcontact Tc mguard rs2000 4g vpn firmwarePhoenixcontact Tc mguard rs2000 4g vpnPhoenixcontact Tc mguard rs2000 4g att vpn firmwarePhoenixcontact Tc mguard rs2000 4g att vpnPhoenixcontact Tc mguard rs2000 3g vpn firmwarePhoenixcontact Tc mguard rs2000 3g vpnPhoenixcontact Fl mguard smart2 vpn firmwarePhoenixcontact Fl mguard smart2 vpnPhoenixcontact Fl mguard smart2 firmwarePhoenixcontact Fl mguard smart2Phoenixcontact Fl mguard rs4004 tx\/dtx vpn firmwarePhoenixcontact Fl mguard rs4004 tx\/dtx vpnPhoenixcontact Fl mguard rs4004 tx\/dtx firmwarePhoenixcontact Fl mguard rs4004 tx\/dtxPhoenixcontact Fl mguard rs4000 tx\/tx vpn firmware
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://cert.vde.com/en/advisories/VDE-2024-039