CVE-2024-9677 (GCVE-0-2024-9677)
Vulnerability from cvelistv5 – Published: 2024-10-22 01:19 – Updated: 2024-10-22 15:52
VLAI?
Summary
The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.
Severity ?
5.5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zyxel | USG FLEX H series uOS firmware |
Affected:
<= V1.21
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_100hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "usg_flex_700h_firmware",
"vendor": "zyxel",
"versions": [
{
"lessThanOrEqual": "1.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:29:58.494312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:52:56.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "USG FLEX H series uOS firmware",
"vendor": "Zyxel",
"versions": [
{
"status": "affected",
"version": "\u003c= V1.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\u0026nbsp;could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out."
}
],
"value": "The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\u00a0could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T01:19:53.188Z",
"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"shortName": "Zyxel"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
"assignerShortName": "Zyxel",
"cveId": "CVE-2024-9677",
"datePublished": "2024-10-22T01:19:53.188Z",
"dateReserved": "2024-10-09T05:14:46.238Z",
"dateUpdated": "2024-10-22T15:52:56.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:uos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.30\", \"matchCriteriaId\": \"B53BCCF3-FFFC-4E52-997E-36A632C81F00\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED28D5ED-B21A-4CD6-947E-9C21EA801B7D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09D15ECD-4942-407A-A62E-9785568C6B78\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD7E9028-1ECB-4D88-84D8-CFC589B429AE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE57BCA4-8631-460A-BFE3-BB765E5D009F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8832743A-99FA-417E-BCE1-4BF7D4CEF9BE\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\\u00a0could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de credenciales insuficientemente protegidas en el comando CLI de la versi\\u00f3n de firmware uOS V1.21 y versiones anteriores de la serie USG FLEX H podr\\u00eda permitir que un atacante local autenticado obtenga una escalada de privilegios al robar el token de autenticaci\\u00f3n de un administrador que inici\\u00f3 sesi\\u00f3n. Tenga en cuenta que este ataque podr\\u00eda tener \\u00e9xito solo si el administrador no ha cerrado sesi\\u00f3n.\"}]",
"id": "CVE-2024-9677",
"lastModified": "2024-12-05T22:11:15.217",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@zyxel.com.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
"published": "2024-10-22T02:15:04.380",
"references": "[{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024\", \"source\": \"security@zyxel.com.tw\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security@zyxel.com.tw\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-9677\",\"sourceIdentifier\":\"security@zyxel.com.tw\",\"published\":\"2024-10-22T02:15:04.380\",\"lastModified\":\"2024-12-05T22:11:15.217\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\u00a0could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de credenciales insuficientemente protegidas en el comando CLI de la versi\u00f3n de firmware uOS V1.21 y versiones anteriores de la serie USG FLEX H podr\u00eda permitir que un atacante local autenticado obtenga una escalada de privilegios al robar el token de autenticaci\u00f3n de un administrador que inici\u00f3 sesi\u00f3n. Tenga en cuenta que este ataque podr\u00eda tener \u00e9xito solo si el administrador no ha cerrado sesi\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:uos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.30\",\"matchCriteriaId\":\"B53BCCF3-FFFC-4E52-997E-36A632C81F00\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED28D5ED-B21A-4CD6-947E-9C21EA801B7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D15ECD-4942-407A-A62E-9785568C6B78\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD7E9028-1ECB-4D88-84D8-CFC589B429AE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE57BCA4-8631-460A-BFE3-BB765E5D009F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8832743A-99FA-417E-BCE1-4BF7D4CEF9BE\"}]}]}],\"references\":[{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024\",\"source\":\"security@zyxel.com.tw\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-9677\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-22T14:29:58.494312Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*\", \"cpe:2.3:o:zyxel:usg_flex_100hp_firmware:*:*:*:*:*:*:*:*\", \"cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*\", \"cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*\", \"cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*\", \"cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"zyxel\", \"product\": \"usg_flex_700h_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.21\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-22T15:52:50.342Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Zyxel\", \"product\": \"USG FLEX H series uOS firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= V1.21\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\\u00a0could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\u0026nbsp;could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-522\", \"description\": \"CWE-522 Insufficiently Protected Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"shortName\": \"Zyxel\", \"dateUpdated\": \"2024-10-22T01:19:53.188Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-9677\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-22T15:52:56.281Z\", \"dateReserved\": \"2024-10-09T05:14:46.238Z\", \"assignerOrgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"datePublished\": \"2024-10-22T01:19:53.188Z\", \"assignerShortName\": \"Zyxel\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…