CVE-2023-22916

CVSS 8.1 HIGHEPSS 0.7%CWE-20

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.1EPSS 0.7%KEV nãoPoC —Patch —

Ciclo de vida

24 abr 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Produtos afetados

Zyxel · ATP series firmware Zyxel · USG20(W)-VPN firmware Zyxel · USG FLEX 50(W) firmware Zyxel · USG FLEX series firmware Zyxel · VPN series firmware

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps