CVE-2020-12523 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2020-12523

Analyzed

More Info Official Page

Source-info@cert.vde.com

Published At-17 Dec, 2020 | 23:15

Updated At-21 Dec, 2020 | 14:16

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Primary	2.0	6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P

CPE Matches

Phoenix Contact GmbH & Co. KG

>>tc_mguard_rs4000_4g_vzw_vpn_firmware>>Versions before 8.8.3(exclusive)

cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>tc_mguard_rs4000_4g_vzw_vpn>>-

cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn:-:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>tc_mguard_rs4000_4g_att_vpn_firmware>>Versions before 8.8.3(exclusive)

cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>tc_mguard_rs4000_4g_att_vpn>>-

cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_att_vpn:-:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>fl_mguard_rs4004_tx\/dtx_firmware>>Versions before 8.8.3(exclusive)

cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\/dtx_firmware:*:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>fl_mguard_rs4004_tx\/dtx>>-

cpe:2.3:h:phoenixcontact:fl_mguard_rs4004_tx\/dtx:-:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>fl_mguard_rs4004_tx\/dtx_vpn_firmware>>Versions before 8.8.3(exclusive)

cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\/dtx_vpn_firmware:*:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>fl_mguard_rs4004_tx\/dtx_vpn>>-

cpe:2.3:h:phoenixcontact:fl_mguard_rs4004_tx\/dtx_vpn:-:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>tc_mguard_rs4000_3g_vpn_firmware>>-

cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:-:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>tc_mguard_rs4000_3g_vpn>>-

cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_3g_vpn:-:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>tc_mguard_rs4000_4g_vpn_firmware>>Versions before 8.8.3(exclusive)

cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>tc_mguard_rs4000_4g_vpn>>-

cpe:2.3:h:phoenixcontact:tc_mguard_rs4000_4g_vpn:-:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>innominate_mguard_rs4000_4tx\/tx_firmware>>Versions before 8.8.3(exclusive)

cpe:2.3:o:phoenixcontact:innominate_mguard_rs4000_4tx\/tx_firmware:*:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>innominate_mguard_rs4000_4tx\/tx>>-

cpe:2.3:h:phoenixcontact:innominate_mguard_rs4000_4tx\/tx:-:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>innominate_mguard_rs4000_4tx\/tx_vpn_firmware>>Versions before 8.8.3(exclusive)

cpe:2.3:o:phoenixcontact:innominate_mguard_rs4000_4tx\/tx_vpn_firmware:*:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>innominate_mguard_rs4000_4tx\/tx_vpn>>-

cpe:2.3:h:phoenixcontact:innominate_mguard_rs4000_4tx\/tx_vpn:-:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>innominate_mguard_rs4000_4tx\/3g\/tx_vpn_firmware>>Versions before 8.8.3(exclusive)

cpe:2.3:o:phoenixcontact:innominate_mguard_rs4000_4tx\/3g\/tx_vpn_firmware:*:*:*:*:*:*:*:*

Phoenix Contact GmbH & Co. KG

>>innominate_mguard_rs4000_4tx\/3g\/tx_vpn>>-

cpe:2.3:h:phoenixcontact:innominate_mguard_rs4000_4tx\/3g\/tx_vpn:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-909	Primary	nvd@nist.gov
CWE-909	Secondary	info@cert.vde.com

References

Hyperlink	Source	Resource
https://cert.vde.com/en-us/advisories/vde-2020-046	info@cert.vde.com	Third Party Advisory