CVE-2024-43386

8.8

HIGH CVSS 3.1

Phoenix Contact: OS command execution through EMAIL_NOTIFICATION.TO in mGuard devices.

Overview

Description

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.

Details

INFO

Published Date :

Sept. 10, 2024, 9:15 a.m.

Last Modified :

Sept. 27, 2024, 7:33 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]

Impact

Affected Products

The following products are affected by CVE-2024-43386 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Phoenixcontact	tc_mguard_rs4000_4g_vzw_vpn_firmware
2	Phoenixcontact	tc_mguard_rs4000_4g_att_vpn_firmware
3	Phoenixcontact	fl_mguard_rs4004_tx\/dtx_firmware
4	Phoenixcontact	fl_mguard_rs4004_tx\/dtx_vpn_firmware
5	Phoenixcontact	tc_mguard_rs4000_3g_vpn_firmware
6	Phoenixcontact	tc_mguard_rs4000_4g_vpn_firmware
7	Phoenixcontact	fl_mguard_centerport_vpn-1000_firmware
8	Phoenixcontact	fl_mguard_core_tx_firmware
9	Phoenixcontact	fl_mguard_core_tx_vpn_firmware
10	Phoenixcontact	fl_mguard_delta_tx\/tx_firmware
11	Phoenixcontact	fl_mguard_delta_tx\/tx_vpn_firmware
12	Phoenixcontact	fl_mguard_gt\/gt_firmware
13	Phoenixcontact	fl_mguard_gt\/gt_vpn_firmware
14	Phoenixcontact	fl_mguard_pci4000_firmware
15	Phoenixcontact	fl_mguard_pci4000_vpn_firmware
16	Phoenixcontact	fl_mguard_pcie4000_firmware
17	Phoenixcontact	fl_mguard_pcie4000_vpn_firmware
18	Phoenixcontact	fl_mguard_rs2000_tx\/tx-b_firmware
19	Phoenixcontact	fl_mguard_rs2000_tx\/tx_vpn_firmware
20	Phoenixcontact	fl_mguard_rs2005_tx_vpn_firmware
21	Phoenixcontact	fl_mguard_rs4000_tx\/tx_firmware
22	Phoenixcontact	fl_mguard_rs4000_tx\/tx-m_firmware
23	Phoenixcontact	fl_mguard_rs4000_tx\/tx-p_firmware
24	Phoenixcontact	fl_mguard_rs4000_tx\/tx_vpn_firmware
25	Phoenixcontact	fl_mguard_smart2_firmware
26	Phoenixcontact	fl_mguard_smart2_vpn_firmware
27	Phoenixcontact	tc_mguard_rs2000_3g_vpn_firmware
28	Phoenixcontact	tc_mguard_rs2000_4g_att_vpn_firmware
29	Phoenixcontact	tc_mguard_rs2000_4g_vpn_firmware
30	Phoenixcontact	tc_mguard_rs2000_4g_vzw_vpn_firmware
31	Phoenixcontact	fl_mguard_2102_firmware
32	Phoenixcontact	fl_mguard_4102_pci_firmware
33	Phoenixcontact	fl_mguard_4102_pcie_firmware
34	Phoenixcontact	fl_mguard_4302_firmware
35	Phoenixcontact	tc_mguard_rs4000_4g_vzw_vpn
36	Phoenixcontact	tc_mguard_rs4000_4g_vpn
37	Phoenixcontact	tc_mguard_rs4000_4g_att_vpn
38	Phoenixcontact	tc_mguard_rs4000_3g_vpn
39	Phoenixcontact	tc_mguard_rs2000_4g_vzw_vpn
40	Phoenixcontact	tc_mguard_rs2000_4g_vpn
41	Phoenixcontact	tc_mguard_rs2000_4g_att_vpn
42	Phoenixcontact	tc_mguard_rs2000_3g_vpn
43	Phoenixcontact	fl_mguard_smart2_vpn
44	Phoenixcontact	fl_mguard_smart2
45	Phoenixcontact	fl_mguard_rs4004_tx\/dtx_vpn
46	Phoenixcontact	fl_mguard_rs4004_tx\/dtx
47	Phoenixcontact	fl_mguard_rs4000_tx\/tx_vpn
48	Phoenixcontact	fl_mguard_rs4000_tx\/tx-p
49	Phoenixcontact	fl_mguard_rs4000_tx\/tx-m
50	Phoenixcontact	fl_mguard_rs4000_tx\/tx
51	Phoenixcontact	fl_mguard_rs2005_tx_vpn
52	Phoenixcontact	fl_mguard_rs2000_tx\/tx_vpn
53	Phoenixcontact	fl_mguard_rs2000_tx\/tx-b
54	Phoenixcontact	fl_mguard_pcie4000_vpn
55	Phoenixcontact	fl_mguard_pcie4000
56	Phoenixcontact	fl_mguard_pci4000_vpn
57	Phoenixcontact	fl_mguard_pci4000
58	Phoenixcontact	fl_mguard_gt\/gt_vpn
59	Phoenixcontact	fl_mguard_gt\/gt
60	Phoenixcontact	fl_mguard_delta_tx\/tx_vpn
61	Phoenixcontact	fl_mguard_delta_tx\/tx
62	Phoenixcontact	fl_mguard_core_tx_vpn
63	Phoenixcontact	fl_mguard_core_tx
64	Phoenixcontact	fl_mguard_centerport_vpn-1000
65	Phoenixcontact	fl_mguard_4305_firmware
66	Phoenixcontact	fl_mguard_4305
67	Phoenixcontact	fl_mguard_4302
68	Phoenixcontact	fl_mguard_4102_pcie
69	Phoenixcontact	fl_mguard_4102_pci
70	Phoenixcontact	fl_mguard_2105_firmware
71	Phoenixcontact	fl_mguard_2105
72	Phoenixcontact	fl_mguard_2102

: Total Affected Vendor : 1 | Products : 72

Scoring

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.1	HIGH				[email protected]

Public PoC/Exploit Available at Github

CVE-2024-43386 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-43386.

URL	Resource
https://cert.vde.com/en/advisories/VDE-2024-039	Third Party Advisory

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-43386 is associated with the following CWEs:

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-43386 weaknesses.

CAPEC-6: Argument Injection Argument Injection CAPEC-15: Command Delimiters Command Delimiters CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-88: OS Command Injection OS Command Injection CAPEC-108: Command Line Execution through SQL Injection Command Line Execution through SQL Injection

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

mrhenrike/FirewallXPL-Forge

Perimeter security exploitation framework — 164 modules covering FW, NGFW, UTM, WAF, VPN, NAC, LB, and OT/ICS firewalls (Fortinet, Cisco, Palo Alto, F5, Citrix, Check Point, SonicWall, Ivanti, Siemens, Moxa, +13 vendors). GPU-accelerated, ML-driven, async concurrency, Rich TUI.

exploitation-framework firewall ics-security ngfw ot-security penetration-testing pentest python red-team security-testing vpn-exploit vulnerability-scanner waf-bypass

Shell Makefile Python

Updated: 1 day, 2 hours ago

0 stars 0 fork 0 watcher

Born at : April 5, 2026, 5:09 a.m. This repo has been linked 48 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-43386 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2024-43386 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Initial Analysis by [email protected]

Sep. 27, 2024

Action	Type	Old Value	New Value
Changed	Reference Type	https://cert.vde.com/en/advisories/VDE-2024-039 No Types Assigned	https://cert.vde.com/en/advisories/VDE-2024-039 Third Party Advisory
Added	CWE		NIST CWE-78
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_att_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_3g_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_4g_att_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:tc_mguard_rs2000_3g_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_smart2_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_smart2_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_smart2_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_smart2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\/dtx_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_rs4004_tx\/dtx_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\/dtx_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_rs4004_tx\/dtx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\/tx_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx-p_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\/tx-p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx-m_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\/tx-m:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_rs4000_tx\/tx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_rs2005_tx_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_rs2005_tx_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\/tx_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_rs2000_tx\/tx_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\/tx-b_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_rs2000_tx\/tx-b:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_pcie4000_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_pcie4000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_pci4000_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_pci4000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_gt\/gt_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_gt\/gt_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_gt\/gt_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_gt\/gt:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\/tx_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_delta_tx\/tx_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\/tx_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_delta_tx\/tx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_vpn_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_core_tx_vpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_core_tx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_centerport_vpn-1000_firmware::::::::* versions up to (excluding) 8.9.3 OR cpe:2.3:h:phoenixcontact:fl_mguard_centerport_vpn-1000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_4305_firmware::::::::* versions up to (excluding) 10.4.1 OR cpe:2.3:h:phoenixcontact:fl_mguard_4305:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_4302_firmware::::::::* versions up to (excluding) 10.4.1 OR cpe:2.3:h:phoenixcontact:fl_mguard_4302:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_4102_pcie_firmware::::::::* versions up to (excluding) 10.4.1 OR cpe:2.3:h:phoenixcontact:fl_mguard_4102_pcie:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_4102_pci_firmware::::::::* versions up to (excluding) 10.4.1 OR cpe:2.3:h:phoenixcontact:fl_mguard_4102_pci:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_2105_firmware::::::::* versions up to (excluding) 10.4.1 OR cpe:2.3:h:phoenixcontact:fl_mguard_2105:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:phoenixcontact:fl_mguard_2102_firmware::::::::* versions up to (excluding) 10.4.1 OR cpe:2.3:h:phoenixcontact:fl_mguard_2102:-:::::::*

CVE Received by [email protected]

Sep. 10, 2024

Action	Type	New Value
Added	Description	A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.
Added	Reference	CERT VDE https://cert.vde.com/en/advisories/VDE-2024-039 [No types assigned]
Added	CWE	CERT VDE CWE-78
Added	CVSS V3.1	CERT VDE AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CVE-2024-43386

Phoenix Contact: OS command execution through EMAIL_NOTIFICATION.TO in mGuard devices.

Description

INFO

Sept. 10, 2024, 9:15 a.m.

Sept. 27, 2024, 7:33 p.m.

Yes !

[email protected]

Affected Products

CVSS Scores

Public PoC/Exploit Available at Github

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

mrhenrike/FirewallXPL-Forge

Initial Analysis by [email protected]

CVE Received by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 8.8

Browse by Apps

CVE-2024-43386

Phoenix Contact: OS command execution through EMAIL_NOTIFICATION.TO in mGuard devices.

Description

INFO

Sept. 10, 2024, 9:15 a.m.

Sept. 27, 2024, 7:33 p.m.

Yes !

[email protected]

Affected Products

CVSS Scores

Public PoC/Exploit Available at Github

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

mrhenrike/FirewallXPL-Forge

Initial Analysis by [email protected]

CVE Received by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 8.8

Cookie Preferences