CVE-2024-43384 - Vulnerability Details - OpenCVE

A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.spirityenterprise.com/virtual-ciso
https://certvde.com/en/advisories/VDE-2024-039

History

Thu, 07 May 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.
Title		Phoenix Contact: Improper removal of sensitive information in MGUARD products
Weaknesses		CWE-212
References		https://certvde.com/en/advisories/VDE-2024-039
Metrics		cvssV3_1 `{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-05-07T08:37:04.384Z

Updated: 2026-05-07T08:37:04.384Z

Reserved: 2024-08-12T08:30:16.359Z

Link: CVE-2024-43384

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-07T09:16:24.873

Modified: 2026-05-07T09:16:24.873

Link: CVE-2024-43384

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-43384", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2024-08-12T08:30:16.359Z", "datePublished": "2026-05-07T08:37:04.384Z", "dateUpdated": "2026-05-07T08:37:04.384Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FL MGUARD 2102", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD 2105", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD 4102 PCI", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD 4102 PCIE", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD 4302", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD 4305", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "10.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD CENTERPORT VPN-1000", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD CORE TX", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD CORE TX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD DELTA TX/TX", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD DELTA TX/TX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD GT/GT", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD GT/GT VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD PCI4000", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD PCI4000 VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD PCIE4000", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD PCIE4000 VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS2000 TX/TX-B", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS2000 TX/TX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS2005 TX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4000 TX/TX", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4000 TX/TX-M", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4000 TX/TX-P", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4000 TX/TX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4004 TX/DTX", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD RS4004 TX/DTX VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD SMART2", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL MGUARD SMART2 VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS2000 3G VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS2000 4G ATT VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS2000 4G VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS2000 4G VZW VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS4000 3G VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS4000 4G ATT VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS4000 4G VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC MGUARD RS4000 4G VZW VPN", "vendor": "PHOENIX CONTACT", "versions": [{"lessThan": "8.9.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Nozomi Networks Security Research Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.</span><br>"}], "value": "A low privileged remote attacker can gain\u00a0the root password due to improper removal of sensitive information before storage or transfer."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-212", "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-05-07T08:37:04.384Z"}, "references": [{"url": "https://certvde.com/en/advisories/VDE-2024-039"}], "source": {"advisory": "VDE-2024-039", "defect": ["CERT@VDE#641656"], "discovery": "UNKNOWN"}, "title": "Phoenix Contact: Improper removal of sensitive information in MGUARD products", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}