Denial of service in mGuard - CVE-2017-7935
Published: May 16, 2017 / Updated: May 16, 2017
Vulnerability identifier: #VU6548
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7935
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Phoenix Contact GmbH
Affected software:
mGuard
mGuard
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to resource exhaustion. A remote attacker can perform multiple initial VPN requests, access internal network resources and cause the affected device to crash.
Successful exploitation of the vulnerability may result in denial of service.
The weakness exists due to resource exhaustion. A remote attacker can perform multiple initial VPN requests, access internal network resources and cause the affected device to crash.
Successful exploitation of the vulnerability may result in denial of service.
How to mitigate CVE-2017-7935
Update to version 8.5.0 or later.