PT-2021-7544 · Phoenix Contact+2 · Fl Mguard Dm+2

Published: 2021-08-11 · Updated: 2022-11-15 · CVE-2021-34579

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Phoenix Contact: FL MGUARD DM versions 1.12.0 through 1.13.0

Description

The issue is related to inadequate access control in the Apache web server installed as part of the FL MGUARD DM on Microsoft Windows. Attackers with network access to the Apache web server can download and read mGuard configuration profiles, also known as "ATV profiles", which may contain sensitive information such as private keys associated with IPsec VPN connections.

Recommendations

For versions 1.12.0 and 1.13.0, consider restricting access to the Apache web server to minimize the risk of exploitation. As a temporary workaround, limit the ability to download configuration profiles until a patch is available. Additionally, review and secure any sensitive information stored in the configuration profiles. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2022-07437
CVE-2021-34579

Affected Products

Apache Web Server
Fl Mguard Dm
Windows