Phoenix Contact: Unbounded growth of OpenSSL session cache in multiple FL MGUARD devices
Monitor5.9VDE-2024-029Jun 11, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary
The OpenSSL library used in FL MGUARD 1102 and 1105 devices is vulnerable to unbounded growth of the TLS 1.3 session cache. A remote attacker can send specially crafted TLS session data that causes the session cache to grow without bound, consuming memory and making the device unresponsive (denial of service).
What this means
What could happen
An attacker could send specially crafted TLS handshakes to exhaust memory on the device, causing it to become unresponsive and interrupting secure communications to your network security appliance.
Who's at risk
Network security and VPN appliance operators running Phoenix Contact FL MGUARD 1102 or 1105 devices should prioritize this update, particularly if these devices are reachable from untrusted networks.
How it could be exploited
An attacker with network access to the device's TLS port could send malicious TLS 1.3 session data that causes the OpenSSL session cache to grow without bound, consuming available memory until the device runs out of resources and becomes unavailable.
Prerequisites
- Network access to the device's TLS port (typically 443)
- Ability to initiate TLS 1.3 handshakes with the device
- No authentication required
remotely exploitableno authentication requiredlow complexityaffects availability and network security functions
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
FL MGUARD 1102<1.8.01.8.0
FL MGUARD 1105<1.8.01.8.0
Remediation & Mitigation
0/2
Do now
0/1WORKAROUNDRestrict network access to the device's web interface (port 443) to only trusted management networks and block all other sources
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
FL MGUARD 1102
HOTFIXUpdate FL MGUARD 1102 and FL MGUARD 1105 firmware to version 1.8.0 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/d42db507-c8a7-4fc7-ab6a-b9028b74440f