SB2017051601 - Two vulnerabilities in Phoenix Contact GmbH mGuard
Published: May 16, 2017
Security Bulletin ID
SB2017051601
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Denial of service (CVE-ID: CVE-2017-7935)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists due to resource exhaustion. A remote attacker can perform multiple initial VPN requests, access internal network resources and cause the affected device to crash.
Successful exploitation of the vulnerability may result in denial of service.
2) Improper authentication (CVE-ID: CVE-2017-7937)
The vulnerability allows a remote unauthenticated attacker to bypass authentication on the target system.The weakness exists due to improper authentication when RADIUS servers are unreachable. By using incorrect credentials a remote attacker can bypass authentication and gain unauthorized access to the user firewall.
Successful exploitation of the vulnerability may result in access to the internal network.
Remediation
Install update from vendor's website.