CVE-2017-7935

{"id": "CVE-2017-7935", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-05-19T03:29:00.637", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests."}, {"lang": "es", "value": "Se ha descubierto un problema de agotamiento de recursos en Phoenix Contact GmbH mGuard desde la versi\u00f3n 8.3.0 hasta la 8.4.2. Un atacante podr\u00eda comprometer la disponibilidad del dispositivo mediante m\u00faltiples peticiones iniciales de VPN."}], "lastModified": "2024-11-21T03:32:59.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "116FA86C-7A05-4B2C-8148-6FE371E60D70"}, {"criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "236DEF3C-0F0F-467B-9EEB-276092938DAF"}, {"criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6A1E205-BB61-47BE-A903-0F122D2D732A"}, {"criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCB742B0-8E3E-4110-87A9-D40360743A42"}, {"criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "582782AB-3CBC-4EB6-B271-4AA270F87CB1"}, {"criteria": "cpe:2.3:o:phoenix_contact_gmbh:mguard_firmware:8.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3625B7F5-0170-4269-97A3-F3ABF147F803"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenix_contact_gmbh:mguard:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "418AA18B-BB7E-4C77-BF5C-F1CB320B643B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}