Share: Email | Twitter

ID

VDE-2017-001

Published

2017-03-07 12:05 (CET)

Last update

2017-03-07 12:05 (CET)

Vendor(s)

Innominate Security Technologies
PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
2702547 FL MGUARD CENTERPORT 8.0.0 <= 8.5.1
2700967 FL MGUARD DELTA TX/TX 8.0.0 <= 8.5.1
2700968 FL MGUARD DELTA TX/TX VPN 8.0.0 <= 8.5.1
2700197 FL MGUARD GT/GT 8.0.0 <= 8.5.1
2700198 FL MGUARD GT/GT VPN 8.0.0 <= 8.5.1
2701274 FL MGUARD PCI4000 8.0.0 <= 8.5.1
2701275 FL MGUARD PCI4000 VPN 8.0.0 <= 8.5.1
2701278 FL MGUARD PCIE4000 VPN 8.0.0 <= 8.5.1
2989310 FL MGUARD RS 8.0.0 <= 8.5.1
2700642 FL MGUARD RS2000 TX/TX VPN 8.0.0 <= 8.5.1
2701875 FL MGUARD RS2005 TX VPN 8.0.0 <= 8.5.1
2700634 FL MGUARD RS4000 TX/TX 8.0.0 <= 8.5.1
2702259 FL MGUARD RS4000 TX/TX-P 8.0.0 <= 8.5.1
2200515 FL MGUARD RS4000 TX/TX VPN 8.0.0 <= 8.5.1
2702465 FL MGUARD RS4000 TX/TX VPN-M 8.0.0 <= 8.5.1
2701876 FL MGUARD RS4004 TX/DTX 8.0.0 <= 8.5.1
2701877 FL MGUARD RS4004 TX/DTX VPN 8.0.0 <= 8.5.1
2989718 FL MGUARD RS VPN ANALOG 8.0.0 <= 8.5.1
2700640 FL MGUARD SMART2 8.0.0 <= 8.5.1
2700639 FL MGUARD SMART2 VPN 8.0.0 <= 8.5.1
2903441 TC MGUARD RS2000 3G VPN 8.0.0 <= 8.5.1
2903588 TC MGUARD RS2000 4G VPN 8.0.0 <= 8.5.1
2903440 TC MGUARD RS4000 3G VPN 8.0.0 <= 8.5.1
2903586 TC MGUARD RS4000 4G VPN 8.0.0 <= 8.5.1

Summary

Openswan 2.6.39 and earlier, which is used in the mGuard firmware version 8.0.0 to 8.5.1, allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.


Last Update:

Sept. 19, 2019, 5:33 p.m.

Weakness

NULL Pointer Dereference  (CWE-476) 

Summary

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

Impact

Specially crafted IKEv2 packets may force an IKE daemon restart and force a restart of all IPsec connections. There is no access to sensitive information or tunnel content possible by this attack.

Solution

PHOENIX CONTACT and Innominate recommend all customers running mGuard devices with affected firmware versions to update to firmware version 8.5.2 or higher, which fixes this vulnerability. Updates can be found on the vendor’s „Downloads“ page for each of the affected devices:

Art. No.  Description Link
2200515 FL MGUARD RS4000 TX/TX VPN Downloads
2700197 FL MGUARD GT/GT Downloads
2700198 FL MGUARD GT/GT VPN Downloads
2700634 FL MGUARD RS4000 TX/TX Downloads
2700639 FL MGUARD SMART2 VPN Downloads
2700640 FL MGUARD SMART2 Downloads
2700642 FL MGUARD RS2000 TX/TX VPN Downloads
2700967 FL MGUARD DELTA TX/TX Downloads
2700968 FL MGUARD DELTA TX/TX VPN Downloads
2701274 FL MGUARD PCI4000 Downloads
2701275 FL MGUARD PCI4000 VPN Downloads
2701278 FL MGUARD PCIE4000 VPN Downloads
2701875 FL MGUARD RS2005 TX VPN Downloads
2701876 FL MGUARD RS4004 TX/DTX Downloads
2701877 FL MGUARD RS4004 TX/DTX VPN Downloads
2702259 FL MGUARD RS4000 TX/TX-P Downloads
2702465 FL MGUARD RS4000 TX/TX VPN-M Downloads
2702547 FL MGUARD CENTERPORT Downloads
2989310 FL MGUARD RS Downloads
2989718 FL MGUARD RS VPN ANALOG Downloads
2903441 TC MGUARD RS2000 3G VPN Downloads
2903440 TC MGUARD RS4000 3G VPN Downloads
2903588 TC MGUARD RS2000 4G VPN Downloads
2903586 TC MGUARD RS4000 4G VPN Downloads

Reported by