
Critical vulnerability in Zyxel firewalls and VPNs

Reference: Advisory #2022-0014
Version: 1.0
Affected software:
USG FLEX 100(W), 200, 500, 700 running firmware ZLD V5.00 through ZLD V5.21 Patch 1
USG FLEX 50(W) / USG20(W)-VPN running firmware ZLD V5.10 through ZLD V5.21 Patch 1
ATP series running firmware ZLD V5.10 through ZLD V5.21 Patch 1
VPN series running firmware ZLD V4.60 through ZLD V5.21 Patch 1
Type: Unauthenticated Remote Command Execution (RCE)
CVE/CVSS: CVE-2022-30525 (CVSS 9.8)

Sources

Official Manufacturer: https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml
NVD: NVD - CVE-2022-30525 (nist.gov)

Risks

Firewall products protect the internal network infrastructure and are meant to keep attackers out of the internal network.
Attackers are actively exploiting this critical vulnerability to gain access to these systems and use the affected VPN and firewall products as initial access points into the internal network.

Access can be used or sold afterwards for espionage, data exfiltration, ransomware, and other high-impact attacks.

Description

Successful exploitation allows an unauthenticated remote attacker to inject arbitrary commands, which can give the attacker access to the device itself and a foothold from which to move laterally into the rest of the network.

Recommended actions

CERT.be recommends upgrading Zyxel device firmware to version "ZLD V5.30".

CERT.be recommends enabling Two-Factor Authentication (2FA) for the admin and VPN connections configured on these devices.
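As an added example (not CERT.be's or Zyxel's code), the script below turns the affected-version table above into an inventory check: given a device model and its reported firmware string, it tells an administrator whether the device falls inside one of the listed ranges and therefore needs the ZLD V5.30 upgrade. The model-name matching (strings such as "USG FLEX 200", "USG20W-VPN", "ATP500", "VPN300") and the firmware string format "ZLD V5.21 Patch 1" are assumptions about how devices report themselves; the sample inventory at the bottom is constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]  # (major, minor, patch) parsed from "ZLD Vx.yy [Patch n]"

# Affected ranges copied from the advisory table, inclusive on both ends.
AFFECTED_RANGES: Dict[str, Tuple[Version, Version]] = {
    "USG FLEX 100(W)/200/500/700": ((5, 0, 0), (5, 21, 1)),
    "USG FLEX 50(W) / USG20(W)-VPN": ((5, 10, 0), (5, 21, 1)),
    "ATP series": ((5, 10, 0), (5, 21, 1)),
    "VPN series": ((4, 60, 0), (5, 21, 1)),
}
FIXED_VERSION: Version = (5, 30, 0)  # "ZLD V5.30", the version the advisory recommends

# Assumed firmware string format, e.g. "ZLD V5.21 Patch 1" or "ZLD V5.00".
_VERSION_RE = re.compile(r"ZLD\s*V(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?", re.IGNORECASE)


def parse_zld_version(text: str) -> Version:
    """Turn 'ZLD V5.21 Patch 1' into (5, 21, 1); a missing 'Patch n' counts as patch 0."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def classify_model(model: str) -> Optional[str]:
    """Map a model name to one of the advisory's product families, or None if not listed.
    The naming patterns matched here are an assumption, not taken from the advisory."""
    m = re.sub(r"\s+", "", model.upper())
    flex = re.match(r"USGFLEX(\d+)", m)
    if flex:
        size = flex.group(1)
        if size == "50":
            return "USG FLEX 50(W) / USG20(W)-VPN"
        if size in {"100", "200", "500", "700"}:
            return "USG FLEX 100(W)/200/500/700"
        return None
    if m.startswith("USG20"):
        return "USG FLEX 50(W) / USG20(W)-VPN"
    if m.startswith("ATP"):
        return "ATP series"
    if m.startswith("VPN"):
        return "VPN series"
    return None


def is_affected(model: str, firmware: str) -> bool:
    """True when the model is in a listed family and its firmware lies in that family's range."""
    family = classify_model(model)
    if family is None:
        return False
    low, high = AFFECTED_RANGES[family]
    return low <= parse_zld_version(firmware) <= high


def triage(inventory: List[Tuple[str, str, str]]) -> List[Dict[str, str]]:
    """Classify each (hostname, model, firmware) entry for the upgrade campaign."""
    rows = []
    for host, model, firmware in inventory:
        if classify_model(model) is None:
            status = "model not listed in advisory"
        elif is_affected(model, firmware):
            status = "AFFECTED: upgrade to ZLD V5.30"
        elif parse_zld_version(firmware) >= FIXED_VERSION:
            status = "not affected: at or above fixed version"
        else:
            status = "not affected: outside listed range"
        rows.append({"host": host, "model": model, "firmware": firmware, "status": status})
    return rows


# Constructed sample inventory; hostnames and firmware values are illustrative only.
SAMPLE_INVENTORY = [
    ("fw-hq-01", "USG FLEX 200", "ZLD V5.21 Patch 1"),
    ("fw-branch-02", "USG FLEX 50W", "ZLD V5.00"),
    ("vpn-dc-01", "VPN300", "ZLD V4.60"),
    ("atp-edge-01", "ATP500", "ZLD V5.30"),
    ("legacy-01", "USG 40", "ZLD V4.25"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['host']:<14} {row['model']:<14} {row['firmware']:<20} {row['status']}")
```

Versions are compared as (major, minor, patch) tuples so that "ZLD V5.21" (no patch) sorts below "ZLD V5.21 Patch 1" and both fall inside the affected range; devices outside a listed range are reported as such rather than silently skipped, so an operator can still review them against the vendor advisory.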
