CVE-2024-43393
📋 TL;DR
This vulnerability allows low-privileged remote attackers to modify firewall configuration through environment variables, potentially causing denial of service. Systems running affected versions of the firewall software with default configurations are vulnerable.
💻 Affected Systems
- Firewall software with vulnerable environment variable handling
📦 What is this software?
- Fl Mguard 2102 Firmware by Phoenixcontact
- Fl Mguard 2105 Firmware by Phoenixcontact
- Fl Mguard 4102 Pcie Firmware by Phoenixcontact
- Fl Mguard 4302 Firmware by Phoenixcontact
- Fl Mguard 4305 Firmware by Phoenixcontact
- Fl Mguard Centerport Vpn 1000 Firmware by Phoenixcontact
- Fl Mguard Core Tx Vpn Firmware by Phoenixcontact
- Fl Mguard Delta Tx/tx Firmware by Phoenixcontact
- Fl Mguard Delta Tx/tx Vpn Firmware by Phoenixcontact
- Fl Mguard Gt/gt Firmware by Phoenixcontact
- Fl Mguard Gt/gt Vpn Firmware by Phoenixcontact
- Fl Mguard Pci4000 Vpn Firmware by Phoenixcontact
- Fl Mguard Pcie4000 Vpn Firmware by Phoenixcontact
- Fl Mguard Rs2000 Tx/tx B Firmware by Phoenixcontact
- Fl Mguard Rs2000 Tx/tx Vpn Firmware by Phoenixcontact
- Fl Mguard Rs2005 Tx Vpn Firmware by Phoenixcontact
- Fl Mguard Rs4000 Tx/tx Firmware by Phoenixcontact
- Fl Mguard Rs4000 Tx/tx M Firmware by Phoenixcontact
- Fl Mguard Rs4000 Tx/tx P Firmware by Phoenixcontact
- Fl Mguard Rs4000 Tx/tx Vpn Firmware by Phoenixcontact
- Fl Mguard Rs4004 Tx/dtx Firmware by Phoenixcontact
- Fl Mguard Rs4004 Tx/dtx Vpn Firmware by Phoenixcontact
- Fl Mguard Smart2 Firmware by Phoenixcontact
- Fl Mguard Smart2 Vpn Firmware by Phoenixcontact
- Tc Mguard Rs2000 3g Vpn Firmware by Phoenixcontact
- Tc Mguard Rs2000 4g Att Vpn Firmware by Phoenixcontact
- Tc Mguard Rs2000 4g Vpn Firmware by Phoenixcontact
- Tc Mguard Rs2000 4g Vzw Vpn Firmware by Phoenixcontact
- Tc Mguard Rs4000 3g Vpn Firmware by Phoenixcontact
- Tc Mguard Rs4000 4g Att Vpn Firmware by Phoenixcontact
- Tc Mguard Rs4000 4g Vpn Firmware by Phoenixcontact
⚠️ Risk & Real-World Impact
Worst Case
Complete firewall bypass, network compromise, and persistent DoS affecting all network services
Likely Case
Firewall rule manipulation leading to service disruption and potential unauthorized network access
If Mitigated
Limited impact with proper access controls and monitoring in place
🎯 Exploit Status
Exploitation requires low-privileged access but is straightforward once access is obtained
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://cert.vde.com/en/advisories/VDE-2024-039
Restart Required: Yes
Instructions:
1. Review the vendor advisory
2. Apply the recommended patches
3. Restart the firewall services
4. Verify configuration integrity
🔧 Temporary Workarounds
Restrict environment variable access (Linux)
Limit which users can set firewall-related environment variables. In the commands below, firewalluser is a placeholder for the account that runs the firewall service, not a name from the vendor advisory:
chmod 600 /etc/environment
setfacl -m u:firewalluser:rw /etc/environment
Disable vulnerable features (Linux)
Temporarily disable the affected firewall modules if they are not critical. fw-module is a placeholder unit name, not a real service. Note that iptables -F flushes every rule in the filter table's chains while leaving their default policies in place; if those policies are ACCEPT, the host passes all traffic unfiltered afterwards, so check the chain policies before running it:
systemctl stop fw-module
iptables -F
🧯 If You Can't Patch
- Implement strict access controls to prevent low-privileged users from accessing firewall configuration
- Deploy network segmentation to limit potential impact of firewall rule changes
🔍 How to Verify
Check if Vulnerable:
Check whether low-privileged users can modify FW_* environment variables and whether the firewall honours those variables when building its configuration
Check Version:
firewall --version
Verify Fix Applied:
Test if environment variable manipulation no longer affects firewall configuration
📡 Detection & Monitoring
Log Indicators:
- Unauthorized modifications to firewall rules
- Unexpected environment variable changes
- Firewall service restarts by non-admin users
Network Indicators:
- Sudden changes in firewall behavior
- Unexpected port openings
- Traffic pattern anomalies
SIEM Query:
source="firewall.log" AND (event="rule_change" OR event="config_modify") AND user!="admin"
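As an added example, not part of this advisory page or of the vendor's tooling, the following Python script applies the same logic as the SIEM query above to a few constructed log lines: it parses key=value syslog-style records, flags rule_change and config_modify events by any user other than admin, and separately lists firewall service restarts by non-admin users, the third log indicator listed above. The log format, host name, user names and the FW_POLICY key are all constructed for the example; the real appliance's log syntax will differ and the parser must be adapted to it.

```python
"""Added example (not from the advisory page): a small detector that applies
the page's SIEM query logic to constructed firewall log lines.

Query being mirrored:
  source="firewall.log" AND (event="rule_change" OR event="config_modify") AND user!="admin"

Log format, field names and sample lines are constructed for this example
and are not real mGuard output.
"""
import re
from dataclasses import dataclass

# Constructed key=value syslog-style lines (not real appliance output).
SAMPLE_LOG = """\
2024-09-02T10:14:03Z host=fw01 event=login user=admin src=10.0.0.5
2024-09-02T10:15:10Z host=fw01 event=rule_change user=admin rule="allow tcp/443"
2024-09-02T10:16:42Z host=fw01 event=config_modify user=operator key=FW_POLICY value=ACCEPT
2024-09-02T10:17:01Z host=fw01 event=rule_change user=guest rule="flush all"
2024-09-02T10:18:30Z host=fw01 event=service_restart user=guest service=firewall
2024-09-02T10:19:00Z host=fw01 event=heartbeat user=system
"""

WATCHED_EVENTS = {"rule_change", "config_modify"}
PRIVILEGED_USERS = {"admin"}  # the SIEM query excludes only this account
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


@dataclass
class Alert:
    timestamp: str
    user: str
    event: str
    detail: str


def parse_line(line):
    """Split a log line into its leading timestamp and a dict of key=value fields."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return ts, fields


def detect(log_text, watched=WATCHED_EVENTS, privileged=PRIVILEGED_USERS):
    """Return an Alert for every configuration-changing event by a non-privileged user."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, f = parse_line(line)
        if f.get("event") in watched and f.get("user") not in privileged:
            # Prefer the rule text; fall back to the changed key/value pair.
            detail = f.get("rule") or f"{f.get('key')}={f.get('value')}"
            alerts.append(Alert(ts, f["user"], f["event"], detail))
    return alerts


def restarts_by_non_admin(log_text, privileged=PRIVILEGED_USERS):
    """Secondary indicator from the page: firewall service restarts by non-admin users."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, f = parse_line(line)
        if f.get("event") == "service_restart" and f.get("user") not in privileged:
            hits.append((ts, f["user"], f.get("service")))
    return hits


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"ALERT {a.timestamp} user={a.user} event={a.event} detail={a.detail}")
    for ts, user, svc in restarts_by_non_admin(SAMPLE_LOG):
        print(f"ALERT {ts} user={user} restarted {svc}")
```

On the constructed input this raises two configuration alerts (the operator's FW_POLICY change and the guest's rule flush) and one restart alert; the admin's own rule change is ignored exactly as the query's user!="admin" clause intends, which is also the query's blind spot if the admin account itself has been taken over.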