Plataforma
other
Componente
fl-mguard-2102
Corregido en
10.4.1
10.4.1
10.4.1
10.4.1
10.4.1
10.4.1
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
CVE-2024-43391 is a high-severity vulnerability affecting FL MGUARD 2102 firewalls. A remote, low-privileged attacker can manipulate firewall configurations, leading to a Denial of Service (DoS). This vulnerability impacts versions 0 through 10.4.1 and is resolved in version 10.4.1.
The vulnerability lies in the FWPORTFORWARDING.SRCIP environment variable, which allows an attacker to modify critical firewall services. Successful exploitation could lead to the disruption of network traffic, blocking legitimate users and services. An attacker could configure packet filters to drop all traffic, disable packet forwarding, or manipulate network access control rules, effectively rendering the firewall useless. The blast radius extends to any systems relying on the firewall for protection, potentially impacting entire networks.
This vulnerability was publicly disclosed on 2024-09-10. Currently, there are no known public exploits or active campaigns targeting this CVE. The vulnerability is not listed on the CISA KEV catalog at the time of writing. While no exploitation is confirmed, the ease of configuration manipulation suggests a potential for future exploitation.
Organizations relying on FL MGUARD 2102 firewalls for network security are at risk, particularly those with exposed management interfaces or those using default configurations. Environments with limited network segmentation or monitoring are also more vulnerable.
disclosure
Estado del Exploit
EPSS
0.89% (75% percentil)
CISA SSVC
Vector CVSS
The primary mitigation is to upgrade FL MGUARD 2102 firewalls to version 10.4.1 or later. If an immediate upgrade is not possible, consider restricting access to the configuration interface and carefully auditing the FWPORTFORWARDING.SRCIP environment variable for any unauthorized changes. Implement strict input validation on any user-supplied data used in firewall configuration to prevent malicious manipulation. Review firewall rules and logs for any suspicious activity.
Actualice el firmware de su dispositivo Phoenix Contact FL MGUARD 2102 a la versión 10.4.1 o superior. Esto corregirá la vulnerabilidad que permite a atacantes remotos no autenticados realizar cambios en la configuración del firewall. Consulte el aviso de seguridad del proveedor para obtener instrucciones detalladas sobre cómo realizar la actualización.
Análisis de vulnerabilidades y alertas críticas directamente en tu correo.
CVE-2024-43391 is a high-severity vulnerability in FL MGUARD 2102 firewalls allowing remote attackers to cause a Denial of Service by manipulating firewall configurations.
You are affected if you are using FL MGUARD 2102 versions 0 through 10.4.1. Upgrade to 10.4.1 or later to mitigate the risk.
Upgrade your FL MGUARD 2102 firewall to version 10.4.1 or later. If an upgrade is not immediately possible, restrict access to the configuration interface and audit the FWPORTFORWARDING.SRCIP variable.
As of the current date, there are no confirmed reports of active exploitation of CVE-2024-43391, but the vulnerability's nature suggests a potential for future attacks.
Please refer to the official FL MGUARD security advisory for detailed information and updates regarding CVE-2024-43391.
Sube tu archivo de dependencias y detecta esta y otras CVEs al instante.