Denial of service in mGuard Firmware
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2013-6466 |
| CWE-ID | CWE-476 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
TC MGUARD RS4000 4G VPN Hardware solutions / Firmware TC MGUARD RS2000 4G VPN Hardware solutions / Firmware TC MGUARD RS4000 3G VPN Hardware solutions / Firmware TC MGUARD RS2000 3G VPN Hardware solutions / Firmware FL MGUARD RS VPN ANALOG Hardware solutions / Firmware FL MGUARD RS Hardware solutions / Firmware FL MGUARD ENTERPORT Hardware solutions / Firmware FL MGUARD RS4000 TX/TX VPN-M Hardware solutions / Firmware FL MGUARD RS4000 TX/TX-P Hardware solutions / Firmware FL MGUARD RS4004 TX/DTX VPN Hardware solutions / Firmware FL MGUARD RS4004 TX/DTX Hardware solutions / Firmware FL MGUARD RS2005 TX VPN Hardware solutions / Firmware FL MGUARD PCIE4000 VPN Hardware solutions / Firmware FL MGUARD PCI4000 VPN Hardware solutions / Firmware FL MGUARD PCI4000 Hardware solutions / Firmware FL MGUARD DELTA TX/TX VPN Hardware solutions / Firmware FL MGUARD DELTA TX/TX Hardware solutions / Firmware FL MGUARD RS2000 TX/TX VPN Hardware solutions / Firmware FL MGUARD SMART2 Hardware solutions / Firmware FL MGUARD SMART2 VPN Hardware solutions / Firmware FL MGUARD RS4000 TX/TX Hardware solutions / Firmware FL MGUARD GT/GT VPN Hardware solutions / Firmware FL MGUARD GT/GT Hardware solutions / Firmware FL MGUARD RS4000 TX/TX VPN Hardware solutions / Firmware |
| Vendor | Phoenix Contact GmbH |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Null pointer dereference
EUVDB-ID: #VU8168
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-6466
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to NULL pointer dereference when handling malicious input. A remote attacker can supply specially crafted IKEv2 packets that lack expected payloads and cause IKE daemon to restart.
Successful exploitation of the vulnerability results in denial of service.
Update all appliances to version 8.5.2.
Vulnerable software versionsTC MGUARD RS4000 4G VPN: All versions
TC MGUARD RS2000 4G VPN: All versions
TC MGUARD RS4000 3G VPN: All versions
TC MGUARD RS2000 3G VPN: All versions
FL MGUARD RS VPN ANALOG: All versions
FL MGUARD RS: All versions
FL MGUARD ENTERPORT: All versions
FL MGUARD RS4000 TX/TX VPN-M: All versions
FL MGUARD RS4000 TX/TX-P: All versions
FL MGUARD RS4004 TX/DTX VPN: All versions
FL MGUARD RS4004 TX/DTX: All versions
FL MGUARD RS2005 TX VPN: All versions
FL MGUARD PCIE4000 VPN: All versions
FL MGUARD PCI4000 VPN: All versions
FL MGUARD PCI4000: All versions
FL MGUARD DELTA TX/TX VPN: All versions
FL MGUARD DELTA TX/TX: All versions
FL MGUARD RS2000 TX/TX VPN: All versions
FL MGUARD SMART2: All versions
FL MGUARD SMART2 VPN: All versions
FL MGUARD RS4000 TX/TX: All versions
FL MGUARD GT/GT VPN: All versions
FL MGUARD GT/GT: All versions
FL MGUARD RS4000 TX/TX VPN: All versions
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-17-250-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
