CVE-2024-7698Sensitive Info Insertion into Sent Data in Contact FL Mguard 2102

CWE-201Sensitive Info Insertion into Sent DataCWE-212Improper Removal of Sensitive Information Before Storage or Transfer3 documents3 sources
Severity
5.7MEDIUMNVD
EPSS
0.2%
top 59.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
72
Phoenix Contact FL Mguard 2102Phoenix Contact FL Mguard 2105Phoenix Contact FL Mguard 4102 PCI+69 more
Timeline
PublishedSep 10

Description

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages72 packages

CVEListV5phoenix_contact/fl_mguard_2102< 10.4.1
CVEListV5phoenix_contact/fl_mguard_2105< 10.4.1
CVEListV5phoenix_contact/fl_mguard_4302< 10.4.1
CVEListV5phoenix_contact/fl_mguard_4305< 10.4.1

🔴Vulnerability Details

2
GHSA
GHSA-vq98-jh26-q3x7: A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks2024-09-10
CVEList
Phoenix Contact: Access to CSRF tokens of higher privileged users in MGUARD products2024-09-10
CVE-2024-7698 — Sensitive Info Insertion into Sent Data | cvebase