Summary
FL MGUARD and TC MGUARD devices are affected by a possible infinite loop within a OpenSSL library method for parsing elliptic curve parameters. This method is used on parsing cryptographic certificates that contain elliptic curve public keys in compressed form, which may occur on:
Parsing client certificates for HTTPS administrative login
Parsing client certificates for SSH administrative login
Parsing peer certificates for IPsec VPN connections
Parsing certificates of external servers, including:
OpenVPN server
Configuration pull server
Update server
Attackers could try to exploit the vulnerability from remote.
For the mGuard Device Manager only the mdm Installer for Windows is affected.
UPDATE A: Added FL MGUARD 1102 and FL MGUARD 1105:
On FL MGUARD 1102 and FL MGUARD 1105 with mGuardNT 1.5.2 and older, the device can
be affected through an adapted certificate. This can occur on connection with a remote logging
server, configured for certificate authentication, or an remote authentication server at certificate
based authentication.
Impact
By sending a crafted certificate, attackers may trigger an infinite loop in the receiving service. This may cause the service to become unavailable. Additionally, the availability of other services may be reduced due to high CPU load.
FL MGUARD and TC MGUARD may be vulnerable in the following setups:
- Activated HTTPS administrative access with certificate-based authentication
- Activated SSH administrative access with certificate-based authentication
Use of IPsec VPN connections with certificate-based authentication - Use of connections to external servers with certificate-based authentication, including:
- OpenVPN server
- Configuration pull server
-
Update server
FL WLAN may be vulnerable in the following setup: -
WLAN Client modes with activated certificate-based RADIUS server authentication
The services can be vulnerable, even when they are not configured to use elliptic curve cryptography explicitly.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 1153079 | FL MGUARD 1102 | Firmware <=1.5.2 |
| 1153078 | FL MGUARD 1105 | Firmware <=1.5.2 |
| 2702547 | FL MGUARD CENTERPORT | Firmware <=8.8.5 |
| 2702820 | FL MGUARD CENTERPORT VPN-1000 | Firmware <=8.8.5 |
| 2702884 | FL MGUARD CORE TX | Firmware <=8.8.5 |
| 2702831 | FL MGUARD CORE TX VPN | Firmware <=8.8.5 |
| 2700967 | FL MGUARD DELTA TX/TX | Firmware <=8.8.5 |
| 2700968 | FL MGUARD DELTA TX/TX VPN | Firmware <=8.8.5 |
| 2981974 | FL MGUARD DM UNLIMITED | Firmware <=1.13.0.1 |
| 2700197 | FL MGUARD GT/GT | Firmware <=8.8.5 |
| 2700198 | FL MGUARD GT/GT VPN | Firmware <=8.8.5 |
| 2701274 | FL MGUARD PCI4000 | Firmware <=8.8.5 |
| 2701275 | FL MGUARD PCI4000 VPN | Firmware <=8.8.5 |
| 1073944 | FL MGUARD PCI4000 VPN/K2 | Firmware <=8.8.5 |
| 2701277 | FL MGUARD PCIE4000 | Firmware <=8.8.5 |
| 2701278 | FL MGUARD PCIE4000 VPN | Firmware <=8.8.5 |
| 1073940 | FL MGUARD PCIE4000 VPN/K2 | Firmware <=8.8.5 |
| 2700642 | FL MGUARD RS2000 TX/TX VPN | Firmware <=8.8.5 |
| 2702139 | FL MGUARD RS2000 TX/TX-B | Firmware <=8.8.5 |
| 2701875 | FL MGUARD RS2005 TX VPN | Firmware <=8.8.5 |
| 2700634 | FL MGUARD RS4000 TX/TX | Firmware <=8.8.5 |
| 2200515 | FL MGUARD RS4000 TX/TX VPN | Firmware <=8.8.5 |
| 1053403 | FL MGUARD RS4000 TX/TX VPN/K1 | Firmware <=8.8.5 |
| 2702470 | FL MGUARD RS4000 TX/TX-M | Firmware <=8.8.5 |
| 2702259 | FL MGUARD RS4000 TX/TX-P | Firmware <=8.8.5 |
| 1073943 | FL MGUARD RS4000 VPN/K2 | Firmware <=8.8.5 |
| 2701876 | FL MGUARD RS4004 TX/DTX | Firmware <=8.8.5 |
| 2701877 | FL MGUARD RS4004 TX/DTX VPN | Firmware <=8.8.5 |
| 2700640 | FL MGUARD SMART2 | Firmware <=8.8.5 |
| 2700639 | FL MGUARD SMART2 VPN | Firmware <=8.8.5 |
| 1053405 | FL MGUARD SMART2 VPN/K1 | Firmware <=8.8.5 |
| 2702899 | FL WLAN 1010 | Firmware <=2.70 |
| 2702900 | FL WLAN 1011 | Firmware <=2.70 |
| 2702534 | FL WLAN 1100 | Firmware <=2.70 |
| 2702538 | FL WLAN 1101 | Firmware <=2.70 |
| 1119246 | FL WLAN 2010 | Firmware <=2.70 |
| 1119248 | FL WLAN 2011 | Firmware <=2.70 |
| 2702535 | FL WLAN 2100 | Firmware <=2.70 |
| 2702540 | FL WLAN 2101 | Firmware <=2.70 |
| 2700718 | FL WLAN 5100 | Firmware <=3.21 |
| 2701093 | FL WLAN 5101 | Firmware <=3.21 |
| 2701850 | FL WLAN 5102 | Firmware <=3.21 |
| 1043193 | FL WLAN 5110 | Firmware <=3.21 |
| 1043201 | FL WLAN 5111 | Firmware <=3.21 |
| 2903441 | TC MGUARD RS2000 3G VPN | Firmware <=8.8.5 |
| 1010464 | TC MGUARD RS2000 4G ATT VPN | Firmware <=8.8.5 |
| 2903588 | TC MGUARD RS2000 4G VPN | Firmware <=8.8.5 |
| 1010462 | TC MGUARD RS2000 4G VZW VPN | Firmware <=8.8.5 |
| 2903440 | TC MGUARD RS4000 3G VPN | Firmware <=8.8.5 |
| 1010463 | TC MGUARD RS4000 4G ATT VPN | Firmware <=8.8.5 |
| 2903586 | TC MGUARD RS4000 4G VPN | Firmware <=8.8.5 |
| 1010461 | TC MGUARD RS4000 4G VZW VPN | Firmware <=8.8.5 |
Vulnerabilities
Expand / Collapse allThe BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
Mitigation
To reduce the possibility of an attack, affected functionality could be deactivated or used only in a way that it is not exposed on untrusted interfaces.
Remediation
This vulnerability is fixed in firmware version 8.8.6. We strongly recommend all affected FL MGUARD and TC MGUARD users to upgrade to this or a later version.
PHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.
For FL WLAN devices the vulnerability will be fixed in the next regular release. A release date is not yet defined.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 12.04.2022 08:00 | Initial revision. |
| 2 | 14.06.2022 08:09 | Update A |
| 3 | 14.05.2025 15:00 | Fix: added distribution |