CVE-2023-37925
CVE-2023-37925
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
28 Nov 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access system files on an affected device.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Zyxel · ATP series firmwareZyxel · NWA50AX firmwareZyxel · USG20(W)-VPN series firmwareZyxel · USG FLEX 50(W) series firmwareZyxel · USG FLEX series firmwareZyxel · VPN series firmwareZyxel · WAC500 firmwareZyxel · WAX300H firmwareZyxel · WBE660S firmwareWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →