
Warning: CRITICAL VULNERABILITY IN ZYXEL FIREWALLS, POC IS AVAILABLE, PATCH IMMEDIATELY

Reference: 
Advisory #2023-59
Version: 
1.0
Affected software: 
ZyWALL/USG series firmware versions 4.60 through 4.73
VPN series firmware versions 4.60 through 5.35
USG FLEX series firmware versions 4.60 through 5.35
ATP series firmware versions 4.60 through 5.35
Type: 
Command Injection
CVE/CVSS: 

CVE-2023-28771, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sources

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls

Risks

Zyxel Networks has fixed a command injection vulnerability, CVE-2023-28771, affecting several of its firewall product lines.

Successful exploitation could allow an unauthenticated, remote attacker to execute OS commands on an affected device by sending crafted packets to it. No user interaction is required, and the commands run as the root user.

Proof-of-concept (PoC) code has been published, so exploitation in the near future is highly likely.

Description

Zyxel firewalls are next-generation firewalls that organizations deploy at the network perimeter.

The command injection vulnerability affects Zyxel ATP, USG FLEX and VPN firewalls running ZLD firmware versions V4.60 through V5.35, and Zyxel ZyWALL/USG gateways/firewalls running ZLD V4.60 through V4.73.

The vulnerability arises from improper error message handling in the affected products: attacker-controlled data from a received packet ends up in an error message that is passed to the operating system, which allows an unauthenticated attacker to achieve OS command execution as the root user. According to Rapid7's analysis (referenced below), the vulnerable code path is reached through the IKE service on UDP port 500, so a device only needs its IPsec VPN service exposed to untrusted networks to be attackable; no VPN credentials or configured tunnel are required.

Recommended actions

The Centre for Cybersecurity Belgium strongly recommends that system administrators patch their Zyxel systems after thorough testing. Zyxel's advisory (see Sources) lists ZLD V4.73 Patch 1 as the fixed release for the ZyWALL/USG series and ZLD V5.36 for the ATP, USG FLEX and VPN series.

Check the Zyxel Networks security advisory page for the patch that applies to your model and firmware branch; initial references are also available via the NVD entry listed below. Where patching has to be delayed, limit exposure of the IKE service (UDP port 500) to trusted source addresses and review the device for unexpected configuration changes or processes, since public PoC code is available.
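The following script is an added example for inventory triage; it is not code from Zyxel or from this advisory. It encodes the affected ranges from the "Affected software" list above and the fixed releases named in Zyxel's advisory (ZLD V4.73 Patch 1 for ZyWALL/USG, ZLD V5.36 for the other series) and flags which devices in a firmware inventory still fall inside the affected range. The version-string formats it accepts ("V5.35(ABFW.0)", "ZLD V5.21(ABUJ.0)C0", "V4.73 Patch 1") are assumed from the style Zyxel uses in release notes; the hostnames and versions in the sample inventory are constructed for the example.

```python
"""Inventory triage for CVE-2023-28771: flag Zyxel ZLD firmware versions that fall
inside the affected ranges listed in this advisory.

Added example; not Zyxel or CCB code. Version-string formats are assumed from the
'V5.35(ABFW.0)' / 'V4.73 Patch 1' style Zyxel uses in its release notes.
"""
import re
from typing import Dict, List, Tuple

# Inclusive (major, minor) ranges from the advisory's 'Affected software' list.
AFFECTED_RANGES: Dict[str, Tuple[Tuple[int, int], Tuple[int, int]]] = {
    "ZyWALL/USG": ((4, 60), (4, 73)),
    "VPN": ((4, 60), (5, 35)),
    "USG FLEX": ((4, 60), (5, 35)),
    "ATP": ((4, 60), (5, 35)),
}

# Zyxel shipped the ZyWALL/USG fix as ZLD V4.73 Patch 1, so a 4.73 build with a
# patch level >= 1 is treated as fixed. The other series are fixed in ZLD V5.36,
# which is already outside their (4.60 .. 5.35) range.
ZYWALL_FIXED_PATCH = 1

_VERSION_RE = re.compile(
    r"^\s*(?:ZLD\s*)?V?(?P<major>\d+)\.(?P<minor>\d+)"   # 'ZLD V5.35' / 'V5.35' / '5.35'
    r"(?:\([^)]*\))?"                                    # optional build tag '(ABFW.0)'
    r"(?:C\d+)?"                                         # optional suffix 'C0'
    r"(?:\s*(?:Patch|P)\s*(?P<patch>\d+))?\s*$",         # optional 'Patch 1'
    re.IGNORECASE,
)


def parse_zld_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) for a ZLD version string; patch defaults to 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    patch = int(m.group("patch")) if m.group("patch") else 0
    return int(m.group("major")), int(m.group("minor")), patch


def is_affected(series: str, version_text: str) -> bool:
    """True if the version lies in the advisory's affected range for that series.

    A version below the range is merely outside this advisory's scope (for example an
    end-of-life release); it is not asserted to be safe.
    """
    major, minor, patch = parse_zld_version(version_text)
    low, high = AFFECTED_RANGES[series]
    if not (low <= (major, minor) <= high):
        return False
    if series == "ZyWALL/USG" and (major, minor) == (4, 73) and patch >= ZYWALL_FIXED_PATCH:
        return False
    return True


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Classify each (host, series, version) as AFFECTED, not in range, or unknown."""
    results: List[Tuple[str, str]] = []
    for host, series, version in inventory:
        if series not in AFFECTED_RANGES:
            results.append((host, "unknown series"))
            continue
        try:
            verdict = "AFFECTED" if is_affected(series, version) else "not in range"
        except ValueError:
            # Never silently drop a device whose version string we cannot parse.
            verdict = "unknown version"
        results.append((host, verdict))
    return results


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = [
    ("fw-hq-01", "ATP", "V5.35(ABFW.0)"),
    ("fw-hq-02", "ATP", "V5.36(ABFW.0)"),
    ("fw-branch-01", "USG FLEX", "ZLD V5.21(ABUJ.0)C0"),
    ("fw-legacy-01", "ZyWALL/USG", "V4.73(AAPL.0)"),
    ("fw-legacy-02", "ZyWALL/USG", "V4.73 Patch 1"),
    ("fw-lab-01", "VPN", "5.35.1-custom"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host:14s} {verdict}")
```

Feed it the model series and firmware string from your asset inventory or from each device's dashboard; anything reported as "unknown version" needs a manual look rather than being assumed patched, and anything below V4.60 is out of the advisory's scope, not confirmed safe.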

References

https://attackerkb.com/topics/N3i8dxpFKS/cve-2023-28771/rapid7-analysis

https://nvd.nist.gov/vuln/detail/CVE-2023-28771