Reference:
Advisory #2023-59
Version:
1.0
Affected software:
ATP series firmware versions 4.60 through 5.35
USG FLEX series firmware versions 4.60 through 5.35
VPN series firmware versions 4.60 through 5.35
ZyWALL/USG series firmware versions 4.60 through 4.73
Type:
Command Injection
CVE/CVSS:
CVE-2023-28771, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Zyxel Networks has fixed a command injection vulnerability, CVE-2023-28771, affecting a variety of Zyxel firewalls.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Proof-of-concept (PoC) code has been published, so exploitation in the near future is highly likely.
Zyxel firewalls are Next-Generation firewalls used by organizations for security protection.
The command injection vulnerability affects Zyxel ATP, USG FLEX, and VPN firewalls running versions v4.60 to v5.35 of the ZLD firmware, and Zyxel ZyWALL/USG gateways/firewalls running ZLD v4.60 to v4.73.
This vulnerability arises from improper error message handling in affected products, which could allow an unauthenticated attacker to achieve OS command execution as the root user.
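To find devices that fall inside the affected ranges listed above, a firmware inventory can be checked mechanically. The following is an added example, not part of the original advisory or Zyxel tooling; the `host,series,firmware` inventory layout, the hostnames, and the `V<major>.<minor>(<build>)` version string shape are assumptions.

```python
import re

# Affected ranges from this advisory, inclusive, as (major, minor) tuples.
AFFECTED = {
    "ATP": ((4, 60), (5, 35)),
    "USG FLEX": ((4, 60), (5, 35)),
    "VPN": ((4, 60), (5, 35)),
    "ZYWALL/USG": ((4, 60), (4, 73)),
}

# Assumed version string shape: optional "V", major.minor, then an optional
# build suffix in parentheses, e.g. "V5.35(XXXX.0)".
VERSION_RE = re.compile(r"^\s*V?(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor) as integers, or None if unparseable."""
    m = VERSION_RE.match(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def status(series, firmware):
    """Classify one device as 'affected', 'not affected' or 'unknown'."""
    bounds = AFFECTED.get(series.strip().upper())
    version = parse_version(firmware)
    if bounds is None or version is None:
        return "unknown"  # review by hand rather than assume it is safe
    low, high = bounds
    return "affected" if low <= version <= high else "not affected"


def check_inventory(lines):
    """Yield (host, status) for 'host,series,firmware' lines."""
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        host, series, firmware = (f.strip() for f in line.split(",", 2))
        yield host, status(series, firmware)


# Constructed sample inventory (hostnames and build suffixes are made up).
SAMPLE = [
    "fw-01,USG FLEX,V5.35(XXXX.0)",
    "fw-02,ATP,V5.36(XXXX.0)",
    "fw-03,ZyWALL/USG,V4.73(XXXX.1)",
    "fw-04,VPN,4.35",
    "fw-05,OTHER-SERIES,V5.10(XXXX.0)",
]

if __name__ == "__main__":
    for host, result in check_inventory(SAMPLE):
        print(f"{host}: {result}")
```

Devices reported as "unknown" have a series or version string the script could not match and need manual review.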
The Centre for Cybersecurity Belgium strongly recommends that system administrators patch their Zyxel systems after thorough testing. Please check the Zyxel Networks security page to find the specific patch. Some initial references are already available on the NVD reference below.
https://attackerkb.com/topics/N3i8dxpFKS/cve-2023-28771/rapid7-analysis