从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 漏洞ID:VDE-2024-052 2. 发布日期:2024年9月10日10:00 (CEST) 3. 更新日期:2024年9月10日08:36 (CEST) 4. 供应商:PHOENIX CONTACT GmbH & Co. KG 5. 受影响的产品: - FL MGUARD 2102 - FL MGUARD 2105 - FL MGUARD 4102 PCI - FL MGUARD 4102 PCIE - FL MGUARD 4302 - FL MGUARD 4305 - FL MGUARD CENTERPORT VPN-1000 - FL MGUARD CORE TX - FL MGUARD CORE TX VPN - FL MGUARD DELTA TX/TX - FL MGUARD DELTA TX/TX VPN - FL MGUARD GT/GT - FL MGUARD GT/GT VPN - FL MGUARD PCI4000 - FL MGUARD PCI4000 VPN - FL MGUARD PCIE4000 - FL MGUARD PCIE4000 VPN - FL MGUARD RS2000 TX/TX-B - FL MGUARD RS2000 TX/TX VPN - FL MGUARD RS2005 TX VPN - FL MGUARD RS4000 TX/TX - FL MGUARD RS4000 TX/TX-M - FL MGUARD RS4000 TX/TX-P - FL MGUARD RS4000 TX/TX VPN - FL MGUARD RS4004 TX/DTX - FL MGUARD RS4004 TX/DTX VPN - FL MGUARD SMART2 - FL MGUARD SMART2 VPN - TC MGUARD RS2000 3G VPN - TC MGUARD RS2000 4G ATT VPN - TC MGUARD RS2000 4G VPN - TC MGUARD RS4000 3G VPN - TC MGUARD RS4000 4G ATT VPN - TC MGUARD RS4000 4G VPN - TC MGUARD RS4000 4G VZW VPN - TC MGUARD RS4000 4G VZW VPN 6. 漏洞描述:The pathfinder TCP encapsulation service is vulnerable to a drain of open file descriptors. 7. CVE ID:CVE-2024-7734 8. 严重性:5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) 9. 弱点:Allocation of Resources Without Limits or Throttling (CWE-770) 10. 影响:Attackers can trigger a denial-of-service of the pathfinder TCP encapsulation service. 11. 解决方案: - Access to the listen port of the pathfinder TCP encapsulation service should be limited to trustworthy networks or peers. - Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 8.9.3 / 10.4.1 or higher which fix this vulnerability. 12. 报告者:CERT@VDE coordinated with Phoenix Contact