CVE-2024-7734

moderate-risk

Published 2024-09-10

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers.

Do I need to act?

0.23% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Tc Mguard Rs4000 4G Vzw Vpn Firmware

Tc Mguard Rs4000 4G Vpn Firmware

Tc Mguard Rs4000 4G Att Vpn Firmware

Tc Mguard Rs4000 3G Vpn Firmware

Tc Mguard Rs2000 4G Vzw Vpn Firmware

Tc Mguard Rs2000 4G Vpn Firmware

Tc Mguard Rs2000 4G Att Vpn Firmware

Tc Mguard Rs2000 3G Vpn Firmware

Fl Mguard Smart2 Vpn Firmware

Fl Mguard Smart2 Firmware

Fl Mguard Rs4004 Tx\/Dtx Vpn Firmware

Fl Mguard Rs4004 Tx\/Dtx Firmware

Fl Mguard Rs4000 Tx\/Tx Vpn Firmware

Fl Mguard Rs4000 Tx\/Tx-P Firmware

Fl Mguard Rs4000 Tx\/Tx-M Firmware

Fl Mguard Rs4000 Tx\/Tx Firmware

Fl Mguard Rs2005 Tx Vpn Firmware

Fl Mguard Rs2000 Tx\/Tx Vpn Firmware

Fl Mguard Rs2000 Tx\/Tx-B Firmware

Fl Mguard Pcie4000 Vpn Firmware

Affected Vendors

Phoenixcontact

References (1)

Mitigation https://cert.vde.com/en/advisories/VDE-2024-052

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 23/34 · High