Description
A low-privileged remote attacker can change the configuration of the firewall services, including packet forwarding or NAT, through the FW_NAT.IN_IP environment variable, which can lead to a DoS.
Reserved 2024-08-12 | Published 2024-09-10 | Updated 2024-10-01 | Assigner CERTVDE
HIGH: 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Problem types
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Product status
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Credits
Andrea Palanca (finder)
Nozomi Networks Security Research Team (reporter)
References
cert.vde.com/en/advisories/VDE-2024-039
cve.org (CVE-2024-43390)
nvd.nist.gov (CVE-2024-43390)