CVE-2017-7937

Published May 19, 2017

Last updated 5 years ago

CVSS medium 4.0

Overview

Description: An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 4
Impact score: 1.4
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287
ics-cert@hq.dhs.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "116FA86C-7A05-4B2C-8148-6FE371E60D70"
          },
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "236DEF3C-0F0F-467B-9EEB-276092938DAF"
          },
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6A1E205-BB61-47BE-A903-0F122D2D732A"
          },
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCB742B0-8E3E-4110-87A9-D40360743A42"
          },
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "582782AB-3CBC-4EB6-B271-4AA270F87CB1"
          },
          {
            "criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3625B7F5-0170-4269-97A3-F3ABF147F803"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:phoenix_contact_gmbh:mguard:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "418AA18B-BB7E-4C77-BF5C-F1CB320B643B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References