CVE-2024-7734

CWE-770Allocation without Limits4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 54.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
72
Phoenix Contact FL Mguard 2102Phoenix Contact FL Mguard 2105Phoenix Contact FL Mguard 4102 PCI+69 more
Timeline
PublishedSep 10
Latest updateOct 27

Description

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages72 packages

CVEListV5phoenix_contact/fl_mguard_2102< 10.4.1
CVEListV5phoenix_contact/fl_mguard_2105< 10.4.1
CVEListV5phoenix_contact/fl_mguard_4302< 10.4.1
CVEListV5phoenix_contact/fl_mguard_4305< 10.4.1

🔴Vulnerability Details

3
OSV
ruby2.3, ruby2.5, ruby2.7 vulnerabilities2025-10-27
CVEList
Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors.2024-09-10
GHSA
GHSA-rhjq-jm8v-8g8r: An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connectio2024-09-10
CVE-2024-7734 (MEDIUM CVSS 5.3) | An unauthenticated remote attacker | cvebase.io