Description
A low-privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.
Reserved 2024-08-12 | Published 2024-09-10 | Updated 2024-09-10 | Assigner CERTVDE
HIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem types
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
Default status: unaffected
Any version before 10.4.1: affected
Default status: unaffected
Any version before 8.9.3: affected
Credits
Andrea Palanca (finder)
Nozomi Networks Security Research Team (reporter)
References
cert.vde.com/en/advisories/VDE-2024-039
cve.org (CVE-2024-43386)
nvd.nist.gov (CVE-2024-43386)