Warning: CRITICAL VULNERABILITY IN ZYXEL FIREWALLS, POC IS AVAILABLE, PATCH IMMEDIATELY
CVE-2023-28771, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Sources
Risks
Zyxel Networks has fixed a command injection vulnerability, CVE-2023-28771, affecting a variety of Zyxel firewalls.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Proof-of-concept (POC) code has been published, so exploitation in the near future is highly likely.
Description
Zyxel firewalls are Next-Generation firewalls used by organizations for security protection.
The command injection vulnerability affects Zyxel ATP, USG FLEX, and VPN firewalls running versions v4.60 to v5.35 of the ZLD firmware, and Zyxel ZyWALL/USG gateways/firewalls running ZLD v4.60 to v4.73.
This vulnerability arises from improper error message handling in affected products, which could allow an unauthenticated attacker to achieve OS command execution as the root user.
Recommended actions
The Centre for Cybersecurity Belgium strongly recommends that system administrators patch their Zyxel systems after thorough testing. Please check your Zyxel Networks security page to find the specific patch. Some initial references are already available on the NVD reference below.
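To decide which devices to patch first, the affected ranges from the Description can be checked against an asset inventory. The script below is an added example, not part of the original advisory or of any Zyxel tooling; the inventory entries and the `(XXXX.0)` build suffixes are constructed, and the function names are hypothetical.

```python
import re

# Affected ZLD ranges exactly as stated in the advisory (inclusive bounds).
# Longer prefixes come first so "USG FLEX" is not matched as plain "USG".
AFFECTED = [
    ("USG FLEX", (4, 60), (5, 35)),
    ("ATP",      (4, 60), (5, 35)),
    ("VPN",      (4, 60), (5, 35)),
    ("ZYWALL",   (4, 60), (4, 73)),
    ("USG",      (4, 60), (4, 73)),
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)")

def parse_zld(version):
    """Return (major, minor) from a string such as 'V5.35(XXXX.0)' or '4.73'."""
    m = VERSION_RE.search(version)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(model, version):
    """Classify one device as 'affected', 'not-in-range' or 'unknown'."""
    name = " ".join(model.upper().split())  # normalise case and spacing
    ver = parse_zld(version)
    for family, low, high in AFFECTED:
        if name.startswith(family):
            if ver is None:
                return "unknown"  # known family, unreadable version: check by hand
            # Only major.minor is compared, the granularity the advisory gives;
            # confirm patch-level builds against the vendor's security page.
            return "affected" if low <= ver <= high else "not-in-range"
    return "unknown"

# Constructed inventory for illustration (model, reported firmware string).
INVENTORY = [
    ("USG FLEX 200", "V5.35(XXXX.0)"),
    ("ATP500", "V5.36(XXXX.0)"),
    ("USG40", "V4.73(XXXX.0)"),
    ("ZyWALL 110", "V4.35(XXXX.0)"),
    ("VPN100", "unknown-build"),
]

if __name__ == "__main__":
    for model, version in INVENTORY:
        print(f"{model:14} {version:16} {triage(model, version)}")
```

Devices reported as `unknown` should be reviewed manually rather than treated as safe.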
References
https://attackerkb.com/topics/N3i8dxpFKS/cve-2023-28771/rapid7-analysis