CVE-2024-43386
high-risk
Published 2024-09-10
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.
Do I need to act?
~
2.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Tc Mguard Rs4000 4G Vzw Vpn Firmware
Tc Mguard Rs4000 4G Vpn Firmware
Tc Mguard Rs4000 4G Att Vpn Firmware
Tc Mguard Rs4000 3G Vpn Firmware
Tc Mguard Rs2000 4G Vzw Vpn Firmware
Tc Mguard Rs2000 4G Vpn Firmware
Tc Mguard Rs2000 4G Att Vpn Firmware
Tc Mguard Rs2000 3G Vpn Firmware
Fl Mguard Smart2 Vpn Firmware
Fl Mguard Smart2 Firmware
Fl Mguard Rs4004 Tx\/Dtx Vpn Firmware
Fl Mguard Rs4004 Tx\/Dtx Firmware
Fl Mguard Rs4000 Tx\/Tx Vpn Firmware
Fl Mguard Rs4000 Tx\/Tx-P Firmware
Fl Mguard Rs4000 Tx\/Tx-M Firmware
Fl Mguard Rs4000 Tx\/Tx Firmware
Fl Mguard Rs2005 Tx Vpn Firmware
Fl Mguard Rs2000 Tx\/Tx Vpn Firmware
Fl Mguard Rs2000 Tx\/Tx-B Firmware
Fl Mguard Pcie4000 Vpn Firmware
Affected Vendors
References (1)
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-039
59
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
6/34 · Minimal
Exposure
23/34 · High