CVE-2017-7937

Published May 19, 2017

Last updated 20 days ago

CVSS medium 4.0

Overview

Description: An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable.
Source: ics-cert@hq.dhs.gov
NVD status: Deferred

Risk scores

CVSS 3.0

Type: Primary
Base score: 4
Impact score: 1.4
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

ics-cert@hq.dhs.gov: CWE-287
nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "116FA86C-7A05-4B2C-8148-6FE371E60D70"
          },
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "236DEF3C-0F0F-467B-9EEB-276092938DAF"
          },
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6A1E205-BB61-47BE-A903-0F122D2D732A"
          },
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCB742B0-8E3E-4110-87A9-D40360743A42"
          },
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "582782AB-3CBC-4EB6-B271-4AA270F87CB1"
          },
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3625B7F5-0170-4269-97A3-F3ABF147F803"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenix_contact_gmbh:mguard:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "418AA18B-BB7E-4C77-BF5C-F1CB320B643B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References