PT-2024-30546 · Mguard · Mguard

Andrea Palanca · Published 2024-09-10 · Updated 2024-09-27 · CVE-2024-43386

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: mGuard devices (affected versions not specified)

Description: A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO. This allows for the execution of commands as root on mGuard devices.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the EMAIL_NOTIFICATION.TO variable to minimize the risk of exploitation. Avoid using the EMAIL_NOTIFICATION.TO variable in a way that could allow for the injection of special elements until the issue is resolved.

Weakness Enumeration: OS Command Injection

Related Identifiers: CVE-2024-43386

Affected Products: Mguard