Denial of service in mGuard Firmware

Published: 2017-09-08

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2013-6466
CWE-ID	CWE-476
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	TC MGUARD RS4000 4G VPN Hardware solutions / Firmware TC MGUARD RS2000 4G VPN Hardware solutions / Firmware TC MGUARD RS4000 3G VPN Hardware solutions / Firmware TC MGUARD RS2000 3G VPN Hardware solutions / Firmware FL MGUARD RS VPN ANALOG Hardware solutions / Firmware FL MGUARD RS Hardware solutions / Firmware FL MGUARD ENTERPORT Hardware solutions / Firmware FL MGUARD RS4000 TX/TX VPN-M Hardware solutions / Firmware FL MGUARD RS4000 TX/TX-P Hardware solutions / Firmware FL MGUARD RS4004 TX/DTX VPN Hardware solutions / Firmware FL MGUARD RS4004 TX/DTX Hardware solutions / Firmware FL MGUARD RS2005 TX VPN Hardware solutions / Firmware FL MGUARD PCIE4000 VPN Hardware solutions / Firmware FL MGUARD PCI4000 VPN Hardware solutions / Firmware FL MGUARD PCI4000 Hardware solutions / Firmware FL MGUARD DELTA TX/TX VPN Hardware solutions / Firmware FL MGUARD DELTA TX/TX Hardware solutions / Firmware FL MGUARD RS2000 TX/TX VPN Hardware solutions / Firmware FL MGUARD SMART2 Hardware solutions / Firmware FL MGUARD SMART2 VPN Hardware solutions / Firmware FL MGUARD RS4000 TX/TX Hardware solutions / Firmware FL MGUARD GT/GT VPN Hardware solutions / Firmware FL MGUARD GT/GT Hardware solutions / Firmware FL MGUARD RS4000 TX/TX VPN Hardware solutions / Firmware
Vendor	Phoenix Contact GmbH

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Null pointer dereference

EUVDB-ID: #VU8168

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-6466

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference when handling malicious input. A remote attacker can supply specially crafted IKEv2 packets that lack expected payloads and cause IKE daemon to restart.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update all appliances to version 8.5.2.

Vulnerable software versions

TC MGUARD RS4000 4G VPN: All versions

TC MGUARD RS2000 4G VPN: All versions

TC MGUARD RS4000 3G VPN: All versions

TC MGUARD RS2000 3G VPN: All versions

FL MGUARD RS VPN ANALOG: All versions

FL MGUARD RS: All versions

FL MGUARD ENTERPORT: All versions

FL MGUARD RS4000 TX/TX VPN-M: All versions

FL MGUARD RS4000 TX/TX-P: All versions

FL MGUARD RS4004 TX/DTX VPN: All versions

FL MGUARD RS4004 TX/DTX: All versions

FL MGUARD RS2005 TX VPN: All versions

FL MGUARD PCIE4000 VPN: All versions

FL MGUARD PCI4000 VPN: All versions

FL MGUARD PCI4000: All versions

FL MGUARD DELTA TX/TX VPN: All versions

FL MGUARD DELTA TX/TX: All versions

FL MGUARD RS2000 TX/TX VPN: All versions

FL MGUARD SMART2: All versions

FL MGUARD SMART2 VPN: All versions

FL MGUARD RS4000 TX/TX: All versions

FL MGUARD GT/GT VPN: All versions

FL MGUARD GT/GT: All versions

FL MGUARD RS4000 TX/TX VPN: All versions

CPE2.3

External links

https://ics-cert.us-cert.gov/advisories/ICSA-17-250-02

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.