CVE-2024-43385: A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.

Affected

72 ranges· showing 25

Vendor	Product	Version range	Fixed in
phoenix_contact	fl_mguard_2102	< 10.4.1	10.4.1
phoenix_contact	fl_mguard_2105	< 10.4.1	10.4.1
phoenix_contact	fl_mguard_4102_pci	< 10.4.1	10.4.1
phoenix_contact	fl_mguard_4102_pcie	< 10.4.1	10.4.1
phoenix_contact	fl_mguard_4302	< 10.4.1	10.4.1
phoenix_contact	fl_mguard_4305	< 10.4.1	10.4.1
phoenix_contact	fl_mguard_centerport_vpn-1000	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_core_tx	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_core_tx_vpn	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_delta_tx_tx	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_delta_tx_tx_vpn	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_gt_gt	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_gt_gt_vpn	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_pci4000	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_pci4000_vpn	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_pcie4000	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_pcie4000_vpn	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_rs2000_tx_tx-b	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_rs2000_tx_tx_vpn	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_rs2005_tx_vpn	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_rs4000_tx_tx	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_rs4000_tx_tx-m	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_rs4000_tx_tx-p	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_rs4000_tx_tx_vpn	< 8.9.3	8.9.3
phoenix_contact	fl_mguard_rs4004_tx_dtx	< 8.9.3	8.9.3