CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2024-4194 (GCVE-0-2024-4194)
Vulnerability from cvelistv5 – Published: 2024-06-06 02:02 – Updated: 2026-04-08 16:50
VLAI
Title
Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution
Summary
The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| essentialplugin | Album and Image Gallery Plus Lightbox |
Affected:
0 , ≤ 2.0
(semver)
|
|
| wponlinesupport | album_and_image_gallery_plus_lightbox |
Affected:
0 , ≤ 2.0
(custom)
cpe:2.3:a:wponlinesupport:album_and_image_gallery_plus_lightbox:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wponlinesupport:album_and_image_gallery_plus_lightbox:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "album_and_image_gallery_plus_lightbox",
"vendor": "wponlinesupport",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T15:16:35.008248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T20:00:20.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album-slider.php#L207"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album.php#L185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Album and Image Gallery Plus Lightbox",
"vendor": "essentialplugin",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:50:09.186Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album-slider.php#L207"
},
{
"url": "https://plugins.trac.wordpress.org/browser/album-and-image-gallery-plus-lightbox/trunk/includes/shortcode/aigpl-gallery-album.php#L185"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3097986%40album-and-image-gallery-plus-lightbox\u0026new=3097986%40album-and-image-gallery-plus-lightbox\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-05T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Album and Image Gallery plus Lightbox \u003c= 2.0 - Unauthenticated Arbitrary Shortcode Execution"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4194",
"datePublished": "2024-06-06T02:02:57.036Z",
"dateReserved": "2024-04-25T15:27:36.525Z",
"dateUpdated": "2026-04-08T16:50:09.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41961 (GCVE-0-2024-41961)
Vulnerability from cvelistv5 – Published: 2024-08-01 14:33 – Updated: 2024-08-07 14:23
VLAI
Title
Elektra vulnerable to remote code execution in universal search
Summary
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.
Severity
9.2 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/sapcc/elektra/security/advisor… | x_refsource_CONFIRM |
| https://github.com/sapcc/elektra/commit/49aea3b36… | x_refsource_MISC |
| https://github.com/sapcc/elektra/commit/8bce00be9… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sapcc:elektra:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elektra",
"vendor": "sapcc",
"versions": [
{
"lessThan": "8bce00be93b95a6512ff68fe86bf9554e486bc02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T14:22:09.735872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T14:23:43.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "elektra",
"vendor": "sapcc",
"versions": [
{
"status": "affected",
"version": "\u003c 8bce00be93b95a6512ff68fe86bf9554e486bc02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H/E:X/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T14:33:46.684Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q"
},
{
"name": "https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d"
},
{
"name": "https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02"
}
],
"source": {
"advisory": "GHSA-6j2h-486h-487q",
"discovery": "UNKNOWN"
},
"title": "Elektra vulnerable to remote code execution in universal search"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41961",
"datePublished": "2024-08-01T14:33:46.684Z",
"dateReserved": "2024-07-24T16:51:40.951Z",
"dateUpdated": "2024-08-07T14:23:43.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4202 (GCVE-0-2024-4202)
Vulnerability from cvelistv5 – Published: 2024-05-15 16:53 – Updated: 2024-08-01 20:33
VLAI
Title
Progress Telerik Reporting Local Instantiation Vulnerability
Summary
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.telerik.com/reporting/knowledge-base… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Progress Software Corporation | Telerik Reporting |
Affected:
1.0.0.0 , < 18.1.24.2.514
(semver)
|
|
| progress | telerik_reporting |
Affected:
1.0.0.0 , < 18.1.24.2.514
(custom)
cpe:2.3:a:progress:telerik_reporting:1.0.0.0:*:*:*:*:*:*:* |
Date Public
2024-05-15 14:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:telerik_reporting:1.0.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "telerik_reporting",
"vendor": "progress",
"versions": [
{
"lessThan": "18.1.24.2.514",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T17:36:34.450718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:47:25.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Telerik Reporting",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "18.1.24.2.514",
"status": "affected",
"version": "1.0.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-15T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Progress\u00ae Telerik\u00ae Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability."
}
],
"value": "In Progress\u00ae Telerik\u00ae Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T16:53:30.262Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Progress Telerik Reporting Local Instantiation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-4202",
"datePublished": "2024-05-15T16:53:30.262Z",
"dateReserved": "2024-04-25T17:02:21.125Z",
"dateUpdated": "2024-08-01T20:33:52.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4261 (GCVE-0-2024-4261)
Vulnerability from cvelistv5 – Published: 2024-05-22 12:44 – Updated: 2026-04-08 17:04
VLAI
Title
Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
Summary
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| themehunk | Lead Form Builder & Contact Form |
Affected:
0 , ≤ 1.9.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T17:18:47.569893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:22.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:53.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/858d8641-7455-47c2-9639-480ce4ec3540?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/lead-form-builder/trunk/block/app.php#L24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lead Form Builder \u0026 Contact Form",
"vendor": "themehunk",
"versions": [
{
"lessThanOrEqual": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Responsive Contact Form Builder \u0026 Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:04:37.482Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/858d8641-7455-47c2-9639-480ce4ec3540?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/lead-form-builder/trunk/block/app.php#L24"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-26T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-05-21T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Responsive Contact Form Builder \u0026 Lead Generation Plugin \u003c= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4261",
"datePublished": "2024-05-22T12:44:36.426Z",
"dateReserved": "2024-04-26T15:46:46.247Z",
"dateUpdated": "2026-04-08T17:04:37.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-4264 (GCVE-0-2024-4264)
Vulnerability from cvelistv5 – Published: 2024-05-18 00:00 – Updated: 2024-09-03 19:16
VLAI
Title
Remote Code Execution in berriai/litellm
Summary
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| berriai | berriai/litellm |
Affected:
unspecified , ≤ latest
(custom)
|
|
| berriai | litellm |
Affected:
0 , < *
(custom)
cpe:2.3:a:berriai:litellm:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:53.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:berriai:litellm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "litellm",
"vendor": "berriai",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4264",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T19:26:40.591440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:16:28.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "berriai/litellm",
"vendor": "berriai",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-18T00:00:15.222Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/a3221b0c-6e25-4295-ab0f-042997e8fc61"
}
],
"source": {
"advisory": "a3221b0c-6e25-4295-ab0f-042997e8fc61",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution in berriai/litellm"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-4264",
"datePublished": "2024-05-18T00:00:15.222Z",
"dateReserved": "2024-04-26T17:24:03.780Z",
"dateUpdated": "2024-09-03T19:16:28.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43128 (GCVE-0-2024-43128)
Vulnerability from cvelistv5 – Published: 2024-08-13 10:52 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress WooCommerce Product Table Lite plugin <= 3.5.1 - Arbitrary Code Execution vulnerability
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/wc-… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| WC Product Table | WooCommerce Product Table Lite |
Affected:
n/a , ≤ 3.5.1
(custom)
|
|
| wcproducttable | woocommerce_product_table_lite |
Affected:
0 , ≤ 3.5.1
(custom)
cpe:2.3:a:wcproducttable:woocommerce_product_table_lite:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wcproducttable:woocommerce_product_table_lite:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "woocommerce_product_table_lite",
"vendor": "wcproducttable",
"versions": [
{
"lessThanOrEqual": "3.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:49:05.562503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:52:23.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wc-product-table-lite",
"product": "WooCommerce Product Table Lite",
"vendor": "WC Product Table",
"versions": [
{
"changes": [
{
"at": "3.8.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.5.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "stealthcopter (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.\u003cp\u003eThis issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:08.702Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wc-product-table-lite/wordpress-woocommerce-product-table-lite-plugin-3-5-1-arbitrary-code-execution-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.8.6 or a higher version."
}
],
"value": "Update to 3.8.6 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WooCommerce Product Table Lite plugin \u003c= 3.5.1 - Arbitrary Code Execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-43128",
"datePublished": "2024-08-13T10:52:04.331Z",
"dateReserved": "2024-08-07T09:19:02.857Z",
"dateUpdated": "2026-04-28T16:10:08.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43202 (GCVE-0-2024-43202)
Vulnerability from cvelistv5 – Published: 2024-08-20 07:29 – Updated: 2024-08-20 15:02
VLAI
Title
Apache DolphinScheduler: Remote Code Execution Vulnerability
Summary
Exposure of Remote Code Execution in Apache Dolphinscheduler.
This issue affects Apache DolphinScheduler: before 3.2.2.
We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
5 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache DolphinScheduler |
Affected:
3.0.0 , < 3.2.2
(semver)
|
|
| apache_software_foundation | apache_dolphinscheduler |
Affected:
3.0.0 , < 3.2.2
(semver)
cpe:2.3:a:apache_software_foundation:apache_dolphinscheduler:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_dolphinscheduler:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apache_dolphinscheduler",
"vendor": "apache_software_foundation",
"versions": [
{
"lessThan": "3.2.2",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-43202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T13:06:20.819939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T13:13:41.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-20T15:02:42.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/20/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache DolphinScheduler",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.2.2",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "an4er"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Remote Code Execution in Apache Dolphinscheduler.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache DolphinScheduler: before 3.2.2. \u003cbr\u003e\u003cbr\u003eWe recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue."
}
],
"value": "Exposure of Remote Code Execution in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T07:29:43.170Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/dolphinscheduler/pull/15758"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49109"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache DolphinScheduler: Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-43202",
"datePublished": "2024-08-20T07:29:43.170Z",
"dateReserved": "2024-08-07T15:30:55.296Z",
"dateUpdated": "2024-08-20T15:02:42.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43363 (GCVE-0-2024-43363)
Vulnerability from cvelistv5 – Published: 2024-10-07 20:40 – Updated: 2025-11-03 20:38
VLAI
Title
Remote code execution via Log Poisoning in Cacti
Summary
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
7.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Cacti/cacti/security/advisorie… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cacti",
"vendor": "cacti",
"versions": [
{
"lessThan": "1.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43363",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:21:20.835700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:22:10.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:38:46.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cacti",
"vendor": "Cacti",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T20:40:39.173Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4"
}
],
"source": {
"advisory": "GHSA-gxq4-mv8h-6qj4",
"discovery": "UNKNOWN"
},
"title": "Remote code execution via Log Poisoning in Cacti"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43363",
"datePublished": "2024-10-07T20:40:39.173Z",
"dateReserved": "2024-08-09T14:23:55.512Z",
"dateUpdated": "2025-11-03T20:38:46.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43388 (GCVE-0-2024-43388)
Vulnerability from cvelistv5 – Published: 2024-09-10 08:44 – Updated: 2025-08-22 06:22
VLAI
Title
Phoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devices
Summary
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
39 products
| Vendor | Product | Version | |
|---|---|---|---|
| PHOENIX CONTACT | FL MGUARD 2102 |
Affected:
0 , < 10.4.1
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD 2105 |
Affected:
0 , < 10.4.1
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD 4102 PCI |
Affected:
0 , < 10.4.1
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD 4102 PCIE |
Affected:
0 , < 10.4.1
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD 4302 |
Affected:
0 , < 10.4.1
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD 4305 |
Affected:
0 , < 10.4.1
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD CENTERPORT VPN-1000 |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD CORE TX |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD CORE TX VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD DELTA TX/TX |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD DELTA TX/TX VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD GT/GT |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD GT/GT VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD PCI4000 |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD PCI4000 VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD PCIE4000 |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD PCIE4000 VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD RS2000 TX/TX-B |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD RS2000 TX/TX VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD RS2005 TX VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD RS4000 TX/TX |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD RS4000 TX/TX-M |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD RS4000 TX/TX-P |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD RS4000 TX/TX VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD RS4004 TX/DTX |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD RS4004 TX/DTX VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD SMART2 |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | FL MGUARD SMART2 VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | TC MGUARD RS2000 3G VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | TC MGUARD RS2000 4G ATT VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | TC MGUARD RS2000 4G VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | TC MGUARD RS2000 4G VZW VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | TC MGUARD RS4000 3G VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | TC MGUARD RS4000 4G ATT VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | TC MGUARD RS4000 4G VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| PHOENIX CONTACT | TC MGUARD RS4000 4G VZW VPN |
Affected:
0 , < 8.9.3
(semver)
|
|
| phoenixcontact | fl_mguard_smart2_vpn_firmware |
Affected:
0 , < 8.9.3
(semver)
cpe:2.3:o:phoenixcontact:fl_mguard_centerport_vpn-1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\/tx_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\/tx_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_gt\/gt_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_gt\/gt_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\/tx-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\/tx_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx-m_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx-p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\/dtx_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\/dtx_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_smart2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:* |
|
| phoenixcontact | fl_mguard_4305_firmware |
Affected:
0 , < 10.4.1
(semver)
cpe:2.3:o:phoenixcontact:fl_mguard_2102_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_2105_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_4102_pcie_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_4102_pci_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_4302_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:fl_mguard_4305_firmware:*:*:*:*:*:*:*:* |
|
| phoenixcontact | tc_mguard_rs4000_4g_vzw_vpn_firmware |
Affected:
0 , < 8.9.3
(semver)
cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:phoenixcontact:fl_mguard_centerport_vpn-1000_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx-b_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-m_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-p_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_smart2_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fl_mguard_smart2_vpn_firmware",
"vendor": "phoenixcontact",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:phoenixcontact:fl_mguard_2102_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_2105_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_4102_pcie_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_4102_pci_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_4302_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:fl_mguard_4305_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fl_mguard_4305_firmware",
"vendor": "phoenixcontact",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tc_mguard_rs4000_4g_vzw_vpn_firmware",
"vendor": "phoenixcontact",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:46:11.213014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:17:49.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 2102",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 2105",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4102 PCI",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4102 PCIE",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4302",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4305",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD CENTERPORT VPN-1000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD CORE TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD CORE TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD DELTA TX/TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD DELTA TX/TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD GT/GT",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD GT/GT VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCI4000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCI4000 VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCIE4000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCIE4000 VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS2000 TX/TX-B",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS2000 TX/TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS2005 TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX-M",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX-P",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4004 TX/DTX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4004 TX/DTX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD SMART2",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD SMART2 VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 3G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 4G ATT VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 4G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 4G VZW VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 3G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 4G ATT VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 4G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 4G VZW VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nozomi Networks Security Research Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T06:22:30.968Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-039"
}
],
"source": {
"advisory": "VDE-2024-039",
"defect": [
"CERT@VDE#641656"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-43388",
"datePublished": "2024-09-10T08:44:06.550Z",
"dateReserved": "2024-08-12T08:30:16.360Z",
"dateUpdated": "2025-08-22T06:22:30.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43389 (GCVE-0-2024-43389)
Vulnerability from cvelistv5 – Published: 2024-09-10 08:44 – Updated: 2025-08-22 06:23
VLAI
Title
Phoenix Contact: OSPF reconfiguration due to improper input validation in MGUARD devices
Summary
A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
36 products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:43:32.088676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:44:29.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 2102",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 2105",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4102 PCI",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4102 PCIE",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4302",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD 4305",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "10.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD CENTERPORT VPN-1000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD CORE TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD CORE TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD DELTA TX/TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD DELTA TX/TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD GT/GT",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD GT/GT VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCI4000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCI4000 VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCIE4000",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD PCIE4000 VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS2000 TX/TX-B",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS2000 TX/TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS2005 TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX-M",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX-P",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4000 TX/TX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4004 TX/DTX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD RS4004 TX/DTX VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD SMART2",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FL MGUARD SMART2 VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 3G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 4G ATT VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 4G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS2000 4G VZW VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 3G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 4G ATT VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 4G VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TC MGUARD RS4000 4G VZW VPN",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nozomi Networks Security Research Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS.\u003c/p\u003e"
}
],
"value": "A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T06:23:04.328Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-039"
}
],
"source": {
"advisory": "VDE-2024-039",
"defect": [
"CERT@VDE#641656"
],
"discovery": "UNKNOWN"
},
"title": "Phoenix Contact: OSPF reconfiguration due to improper input validation in MGUARD devices",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-43389",
"datePublished": "2024-09-10T08:44:19.337Z",
"dateReserved": "2024-08-12T08:30:16.360Z",
"dateUpdated": "2025-08-22T06:23:04.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Strategy: Refactoring
Description:
- Refactor your program so that you do not have to dynamically generate code.
Mitigation
Phase: Architecture and Design
Description:
- Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
- Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
Mitigation
Phase: Testing
Description:
- Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Mitigation ID: MIT-32
Phase: Operation
Strategy: Compilation or Build Hardening
Description:
- Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation ID: MIT-32
Phase: Operation
Strategy: Environment Hardening
Description:
- Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation
Phase: Implementation
Description:
- For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
CAPEC-242: Code Injection
An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.