Description
A low-privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT, through the FW_INCOMING.FROM_IP, FW_INCOMING.IN_IP, FW_OUTGOING.FROM_IP, FW_OUTGOING.IN_IP, FW_RULESETS.FROM_IP and FW_RULESETS.IN_IP environment variables, which can lead to a DoS.
Reserved 2024-08-12 | Published 2024-09-10 | Updated 2024-10-01 | Assigner CERTVDE
HIGH: 8.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Problem types
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Product status
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 10.4.1
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Default status
unaffected
Any version before 8.9.3
affected
Credits
Andrea Palanca (finder)
Nozomi Networks Security Research Team (reporter)
References
cert.vde.com/en/advisories/VDE-2024-039
cve.org (CVE-2024-43393)
nvd.nist.gov (CVE-2024-43393)