プラットフォーム
other
コンポーネント
fl-mguard-2102
修正版
10.4.1
10.4.1
10.4.1
10.4.1
10.4.1
10.4.1
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
8.9.3
CVE-2024-43391 is a high-severity vulnerability affecting FL MGUARD 2102 firewalls. A remote, low-privileged attacker can manipulate firewall configurations, leading to a Denial of Service (DoS). This vulnerability impacts versions 0 through 10.4.1 and is resolved in version 10.4.1.
The vulnerability lies in the FWPORTFORWARDING.SRCIP environment variable, which allows an attacker to modify critical firewall services. Successful exploitation could lead to the disruption of network traffic, blocking legitimate users and services. An attacker could configure packet filters to drop all traffic, disable packet forwarding, or manipulate network access control rules, effectively rendering the firewall useless. The blast radius extends to any systems relying on the firewall for protection, potentially impacting entire networks.
This vulnerability was publicly disclosed on 2024-09-10. Currently, there are no known public exploits or active campaigns targeting this CVE. The vulnerability is not listed on the CISA KEV catalog at the time of writing. While no exploitation is confirmed, the ease of configuration manipulation suggests a potential for future exploitation.
Organizations relying on FL MGUARD 2102 firewalls for network security are at risk, particularly those with exposed management interfaces or those using default configurations. Environments with limited network segmentation or monitoring are also more vulnerable.
disclosure
エクスプロイト状況
EPSS
0.89% (75% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation is to upgrade FL MGUARD 2102 firewalls to version 10.4.1 or later. If an immediate upgrade is not possible, consider restricting access to the configuration interface and carefully auditing the FWPORTFORWARDING.SRCIP environment variable for any unauthorized changes. Implement strict input validation on any user-supplied data used in firewall configuration to prevent malicious manipulation. Review firewall rules and logs for any suspicious activity.
Actualice el firmware de su dispositivo Phoenix Contact FL MGUARD 2102 a la versión 10.4.1 o superior. Esto corregirá la vulnerabilidad que permite a atacantes remotos no autenticados realizar cambios en la configuración del firewall. Consulte el aviso de seguridad del proveedor para obtener instrucciones detalladas sobre cómo realizar la actualización.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2024-43391 is a high-severity vulnerability in FL MGUARD 2102 firewalls allowing remote attackers to cause a Denial of Service by manipulating firewall configurations.
You are affected if you are using FL MGUARD 2102 versions 0 through 10.4.1. Upgrade to 10.4.1 or later to mitigate the risk.
Upgrade your FL MGUARD 2102 firewall to version 10.4.1 or later. If an upgrade is not immediately possible, restrict access to the configuration interface and audit the FWPORTFORWARDING.SRCIP variable.
As of the current date, there are no confirmed reports of active exploitation of CVE-2024-43391, but the vulnerability's nature suggests a potential for future attacks.
Please refer to the official FL MGUARD security advisory for detailed information and updates regarding CVE-2024-43391.
依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。