U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:8.8.3:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 13 matching records.
Displaying matches 1 through 13.
Vuln ID Summary CVSS Severity
CVE-2024-7699

An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.

Published: September 10, 2024; 5:15:07 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-7698

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

Published: September 10, 2024; 5:15:06 AM -0400
V4.0:(not available)
V3.1: 5.7 MEDIUM
V2.0:(not available)
CVE-2024-43393

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS.

Published: September 10, 2024; 5:15:06 AM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2024-43392

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS.

Published: September 10, 2024; 5:15:06 AM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2024-43391

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS.

Published: September 10, 2024; 5:15:05 AM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2024-43390

A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS.

Published: September 10, 2024; 5:15:05 AM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2024-43389

A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS.

Published: September 10, 2024; 5:15:05 AM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2024-43388

A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.

Published: September 10, 2024; 5:15:04 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-43387

A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.

Published: September 10, 2024; 5:15:04 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-43386

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.

Published: September 10, 2024; 5:15:04 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-43385

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.

Published: September 10, 2024; 5:15:04 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-7734

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers.

Published: September 10, 2024; 4:15:04 AM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-3480

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.

Published: November 15, 2022; 6:15:12 AM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)