CVE-2020-12523 Vulnerability Details

  /     /     /  

CVE-2020-12523 Metadata Quick Info

CVE Published: 17/12/2020 | CVE Updated: 16/09/2024 | CVE Year: 2020
Source: CERTVDE | Vendor: Phoenix Contact | Product: TC MGUARD RS4000 4G VZW VPN (1010461)
Status : PUBLISHED

---

CVE-2020-12523 Description

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource

Metrics

CVSS Version: 3.1 | Base Score: 5.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-909
CWE Name: CWE-909 Missing Initialization of Resource
Source: Phoenix Contact

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).