CVE-2020-12523 : Security Advisory and Response

Discover the impact of CVE-2020-12523 on Phoenix Contact mGuard Devices. Learn about the vulnerability allowing LAN ports to function post-reboot and mitigation steps.

Because of a Missing Initialization of Resource flaw, Phoenix Contact mGuard devices running versions before 8.8.3 allow LAN ports to become functional after a reboot, even if those ports are disabled in the device configuration.

Understanding CVE-2020-12523

This CVE involves a vulnerability in Phoenix Contact mGuard Devices that affects LAN port functionality post-reboot.

What is CVE-2020-12523?

CVE-2020-12523 pertains to a flaw in mGuard Devices where LAN ports remain operational after a reboot, irrespective of their configuration status.

The Impact of CVE-2020-12523

The vulnerability poses a medium severity risk with a CVSS base score of 5.4. It requires user interaction for exploitation and can lead to low confidentiality impact.

Technical Details of CVE-2020-12523

This section delves into the specifics of the vulnerability.

Vulnerability Description

The issue arises in mGuard Devices where LAN ports become active post-reboot, disregarding their configuration settings.

Affected Systems and Versions

        TC MGUARD RS4000 4G VZW VPN (1010461)
        TC MGUARD RS4000 4G ATT VPN (1010463)
        FL MGUARD RS4004 TX/DTX (2701876)
        FL MGUARD RS4004 TX/DTX VPN (2701877)
        TC MGUARD RS4000 3G VPN (2903440)
        TC MGUARD RS4000 4G VPN (2903586)
        Innominate mGuard rs4000 series

Exploitation Mechanism

The vulnerability can be exploited over a network with low attack complexity, requiring user interaction.

Mitigation and Prevention

To address CVE-2020-12523, follow these mitigation strategies:

Immediate Steps to Take

        Upgrade mGuard Devices to firmware version 8.8.3
        Detach network cables from affected switch ports instead of deactivating the ports via configuration

Long-Term Security Practices

        Regularly update firmware and security patches
        Implement network segmentation and access controls

Patching and Updates

        Phoenix Contact recommends upgrading all mGuard devices to firmware version 8.8.3
