PT-2024-30545 · Mguard · Mguard

Andrea Palanca · Published 2024-09-10 · Updated 2024-09-27 · CVE-2024-43385

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: mGuard devices (affected versions not specified)

Description: A low-privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY HTTP PORT. This allows remote attackers to execute OS commands as root via manipulation of the PROXY HTTP PORT variable.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the PROXY HTTP PORT variable to minimize the risk of exploitation. Avoid using the PROXY HTTP PORT variable in sensitive operations until the issue is resolved.

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-43385

Affected Products

Mguard