CVE-2023-6399 (GCVE-0-2023-6399)

Vulnerability from cvelistv5 – Published: 2024-02-20 01:42 – Updated: 2024-08-02 08:28
VLAI?
Summary
A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.
Severity ?
5.7 (Medium)
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-134 - Use of Externally-Controlled Format String
Assigner
References
Impacted products
Vendor Product Version
Zyxel ATP series firmware Affected: version 4.32 through 5.37 Patch 1
Create a notification for this product.
    Zyxel USG FLEX series firmware Affected: version 4.50 through 5.37 Patch 1
Create a notification for this product.
    Zyxel USG FLEX 50(W) series firmware Affected: version 4.16 through 5.37 Patch 1
Create a notification for this product.
    Zyxel USG20(W)-VPN series firmware Affected: version 4.16 through 5.37 Patch 1
Create a notification for this product.
    Zyxel USG FLEX H series firmware Affected: version 1.10 through 1.10 Patch 1
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6399",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-20T15:30:36.983773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:43.465Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.797Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ATP series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "version 4.32 through 5.37 Patch 1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "USG FLEX series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "version 4.50 through 5.37 Patch 1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": " USG FLEX 50(W) series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "version 4.16 through 5.37 Patch 1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "USG20(W)-VPN series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "version 4.16 through 5.37 Patch 1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "USG FLEX H series firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "version 1.10 through 1.10 Patch 1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\u0026nbsp;USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \u201cdeviceid\u201d daemon by sending a crafted hostname to an affected device if it has the \u201cDevice Insight\u201d feature enabled."
            }
          ],
          "value": "A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\u00a0USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \u201cdeviceid\u201d daemon by sending a crafted hostname to an affected device if it has the \u201cDevice Insight\u201d feature enabled."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-21T09:20:18.921Z",
        "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "shortName": "Zyxel"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
    "assignerShortName": "Zyxel",
    "cveId": "CVE-2023-6399",
    "datePublished": "2024-02-20T01:42:21.027Z",
    "dateReserved": "2023-11-30T07:58:19.503Z",
    "dateUpdated": "2024-08-02T08:28:21.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\\u00a0USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \\u201cdeviceid\\u201d daemon by sending a crafted hostname to an affected device if it has the \\u201cDevice Insight\\u201d feature enabled.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de cadena de formato en las versiones de firmware de la serie Zyxel ATP desde 4.32 hasta 5.37 Parche 1, versiones de firmware de la serie USG FLEX desde 4.50 hasta 5.37 Parche 1, versiones de firmware de la serie USG FLEX 50(W) desde 4.16 hasta 5.37 Parche 1 y USG20(W) -Las versiones de firmware de la serie VPN desde la 4.16 hasta la 5.37, parche 1, podr\\u00edan permitir que un usuario de VPN IPSec autenticado provoque condiciones DoS contra el demonio \\\"deviceid\\\" enviando un nombre de host manipulado a un dispositivo afectado si tiene habilitada la funci\\u00f3n \\\"Device Insight\\\".\"}]",
      "id": "CVE-2023-6399",
      "lastModified": "2024-11-21T08:43:46.957",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@zyxel.com.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 3.6}]}",
      "published": "2024-02-20T02:15:49.407",
      "references": "[{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024\", \"source\": \"security@zyxel.com.tw\"}, {\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@zyxel.com.tw",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security@zyxel.com.tw\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-134\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-6399\",\"sourceIdentifier\":\"security@zyxel.com.tw\",\"published\":\"2024-02-20T02:15:49.407\",\"lastModified\":\"2025-01-21T18:36:34.413\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\u00a0USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \u201cdeviceid\u201d daemon by sending a crafted hostname to an affected device if it has the \u201cDevice Insight\u201d feature enabled.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de cadena de formato en las versiones de firmware de la serie Zyxel ATP desde 4.32 hasta 5.37 Parche 1, versiones de firmware de la serie USG FLEX desde 4.50 hasta 5.37 Parche 1, versiones de firmware de la serie USG FLEX 50(W) desde 4.16 hasta 5.37 Parche 1 y USG20(W) -Las versiones de firmware de la serie VPN desde la 4.16 hasta la 5.37, parche 1, podr\u00edan permitir que un usuario de VPN IPSec autenticado provoque condiciones DoS contra el demonio \\\"deviceid\\\" enviando un nombre de host manipulado a un dispositivo afectado si tiene habilitada la funci\u00f3n \\\"Device Insight\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"88A27486-8F61-46B1-AA77-1249E75DD8CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"121E2131-A6CB-4714-BD0B-9CDBFF924F10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4AA7A4F-E00F-4CFA-8B4F-305BEC37F0B8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F7654A1-3806-41C7-82D4-46B0CD7EE53B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"218B2397-5415-4AC0-BFA4-7D24640EF76E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100w_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F750721F-73AD-4BDD-A407-72D8DEB30C68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp100w_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"069E7437-BF71-4F73-8C0A-44DC9804492B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"F16582B0-232D-4815-86D5-1CFFFFE5990D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp200_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B20F854E-486D-46C0-90C8-81153573FEF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp200_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE71538C-16FD-43B1-B6CD-EB5988AFB7BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D68A36FF-8CAF-401C-9F18-94F3A2405CF4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"9C968353-8FC1-45B7-A2D0-F6713A3BC760\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp500_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E8933B8-F66E-4667-955E-DB5486534C5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp500_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F694EDC-DEF2-47D4-BCF0-32972EF8CEA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2818E8AC-FFEE-4DF9-BF3F-C75166C0E851\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"36C951EB-8950-4927-8F99-81EE1B4856F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp700_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E3E890B-8BDE-4C22-BFF7-B87495C71C48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp700_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3037AE20-8F8B-4656-9534-6436A8AEA8C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B41F437-855B-4490-8011-DF59887BE6D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"EF54B670-3135-4AF9-B72D-F4D8BEE48878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp800_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"67FA1CEC-DED7-46D4-A4FC-780431B3EE2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:atp800_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFD1CE91-B72C-4589-9A5F-F1164C0193AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B99746-0589-46E6-9CBD-F38619AD97DC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"700227C4-A23F-4CFF-839F-B61A44E0E34E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF266069-4FA5-4343-B62C-0940A0C61566\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E0ECA5-7FE6-4E56-A741-E3260C99A43A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B30A4C0-9928-46AD-9210-C25656FB43FB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"DF23ACF5-9961-4BA9-84D2-C09EF39790D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"395E8D72-E9F6-4923-B4DE-875D195B27F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCBEDDCD-A9F6-4E07-ADF8-B1E9C557CDEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03036815-04AE-4E39-8310-DA19A32CFA48\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"3A8EFB09-4987-4CB6-838D-A15D47A2000D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"45EEA203-C4E3-4916-A9E5-15AB994B53FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A21576D3-6A3F-451C-9B62-E0B0418D5529\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED28D5ED-B21A-4CD6-947E-9C21EA801B7D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"F24FD1EE-4527-4A9D-AFF6-086EB5A30347\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC61CF4F-74D5-4C96-8D8A-779436CF344D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"25EB6607-7241-4D01-BC87-3C3E62B27B6B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D74ABA7E-AA78-4A13-A64E-C44021591B42\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"61F127FD-22D4-48CC-95FC-321722683A6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E4CC2FF-2BB1-43E8-A7AA-56A220705FE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"31206A47-4A01-4FB7-A0AA-E9D22C63941D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F93B6A06-2951-46D2-A7E1-103D7318D612\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"8198C3A9-5F65-4FC8-8997-81BEB218FE0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBDE985D-B016-4303-8EE6-904C79F8FE82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ACD16E9-7EE0-4AD5-9D71-121AFAEF7947\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D15ECD-4942-407A-A62E-9785568C6B78\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"A91D7A49-19EA-43E6-BA4C-A92814DCE37B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EE95AED-D8FB-44BD-856D-2F7A6DB2AABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D764B87E-8B23-4C33-93BB-59B23CFEADBC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD7E9028-1ECB-4D88-84D8-CFC589B429AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"A7494CE3-5299-4B2D-B432-CDAC50D30103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9D7FBB8-C983-4EFA-90CB-EC5C6A26D112\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CDA1267-E136-4932-9627-B4D12DB17E27\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92C697A5-D1D3-4FF0-9C43-D27B18181958\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"135DA0CD-2403-44F0-97CF-290B33B4CFAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D168F82-50CE-4E25-B1D9-B50F69463F5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A0B9A2C-772B-4669-BC7C-71FA32B1B4EA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE57BCA4-8631-460A-BFE3-BB765E5D009F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"7D57C8E7-6126-4A9D-A24A-F56719A59E8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1FEDD30-0B80-4F07-8475-156B9FE46883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3953AFFC-18E6-46AA-BC99-EA65726E4D9E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D1396E3-731B-4D05-A3F8-F3ABB80D5C29\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"42F9F198-3A49-4BD9-952B-B95E4E3EC19A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5A45A9D-D9C7-495D-BD83-EE088746FD36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"606D09B9-0376-4277-9964-F0580D65C3E0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8832743A-99FA-417E-BCE1-4BF7D4CEF9BE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"2FB8F3CE-5EE9-41AD-9CB3-014BE1F51F27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5476C178-E553-44FC-854B-5851F0F28469\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2D65155-CDF2-4A99-94CA-D4B61B26D32C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"646C1F07-B553-47B0-953B-DC7DE7FD0F8B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"0F8F9B1A-BC4D-450B-86D3-31FDCFAB2BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC8C2C47-FE8E-4496-9648-0B264A9A2EA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB68246-FD4B-4FB6-9140-63725EA24660\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"110A1CA4-0170-4834-8281-0A3E14FC5584\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"CF5BE31C-A1A5-45E1-8E75-804FE2BB5E8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0BFA01B-1328-4F96-AE56-D39416A54F0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB0C1EC-512C-4A00-84C6-4F93FDD7739F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7239C54F-EC9E-44B4-AE33-1D36E5448219\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.37\",\"matchCriteriaId\":\"D9927F99-F8B9-43D6-942B-3BADA5F4970F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8470EFC-2AED-45A3-8F4E-CF8EB8EB43D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD0A4B7-5A6D-4DAE-9FA4-559F9932A92B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06D2AD3A-9197-487D-A267-24DE332CC66B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:uos:1.10:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD61F9D7-0229-4A40-903E-F25F67E547F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:uos:1.10:patch1:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B81F51-C82B-4099-99B4-5A53BAAA45C0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED28D5ED-B21A-4CD6-947E-9C21EA801B7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACCFC4B1-37DD-4BF7-86A9-5F0A9A2C1D07\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D15ECD-4942-407A-A62E-9785568C6B78\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD7E9028-1ECB-4D88-84D8-CFC589B429AE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE57BCA4-8631-460A-BFE3-BB765E5D009F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8832743A-99FA-417E-BCE1-4BF7D4CEF9BE\"}]}]}],\"references\":[{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024\",\"source\":\"security@zyxel.com.tw\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T08:28:21.797Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-6399\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-20T15:30:36.983773Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:39.764Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Zyxel\", \"product\": \"ATP series firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"version 4.32 through 5.37 Patch 1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Zyxel\", \"product\": \"USG FLEX series firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"version 4.50 through 5.37 Patch 1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Zyxel\", \"product\": \" USG FLEX 50(W) series firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"version 4.16 through 5.37 Patch 1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Zyxel\", \"product\": \"USG20(W)-VPN series firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"version 4.16 through 5.37 Patch 1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Zyxel\", \"product\": \"USG FLEX H series firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"version 1.10 through 1.10 Patch 1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\\u00a0USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \\u201cdeviceid\\u201d daemon by sending a crafted hostname to an affected device if it has the \\u201cDevice Insight\\u201d feature enabled.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and\u0026nbsp;USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the \\u201cdeviceid\\u201d daemon by sending a crafted hostname to an affected device if it has the \\u201cDevice Insight\\u201d feature enabled.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-134\", \"description\": \"CWE-134 Use of Externally-Controlled Format String\"}]}], \"providerMetadata\": {\"orgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"shortName\": \"Zyxel\", \"dateUpdated\": \"2024-02-21T09:20:18.921Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-6399\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T08:28:21.797Z\", \"dateReserved\": \"2023-11-30T07:58:19.503Z\", \"assignerOrgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"datePublished\": \"2024-02-20T01:42:21.027Z\", \"assignerShortName\": \"Zyxel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.