5.7

CVE-2024-7698

Phoenix Contact: Access to CSRF tokens of higher privileged users in MGUARD products

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhoenixcontactFl Mguard 4305 Firmware Version < 10.4.1
   PhoenixcontactFl Mguard 4305 Version-
PhoenixcontactFl Mguard 4302 Firmware Version < 10.4.1
   PhoenixcontactFl Mguard 4302 Version-
PhoenixcontactFl Mguard 2105 Firmware Version < 10.4.1
   PhoenixcontactFl Mguard 2105 Version-
PhoenixcontactFl Mguard 2102 Firmware Version < 10.4.1
   PhoenixcontactFl Mguard 2102 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.409
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
info@cert.vde.com 5.7 2.1 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.