Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-2031
Vulnerability from csaf_certbund
Published
2024-09-02 22:00
Modified
2024-11-20 23:00
Summary
Zyxel Firewall: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Zyxel ist ein Hersteller von Netzwerkkomponenten, u.a. von Firewalls.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in der Zyxel Firewall ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen oder Cross-Stie Scripting-Angriffe durchzuführen.
Betroffene Betriebssysteme
- Hardware Appliance
{ document: { aggregate_severity: { text: "kritisch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Zyxel ist ein Hersteller von Netzwerkkomponenten, u.a. von Firewalls.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in der Zyxel Firewall ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen oder Cross-Stie Scripting-Angriffe durchzuführen.", title: "Angriff", }, { category: "general", text: "- Hardware Appliance", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-2031 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2031.json", }, { category: "self", summary: "WID-SEC-2024-2031 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2031", }, { category: "external", summary: "Zyxel security advisory vom 2024-09-02", url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024", }, { category: "external", summary: "Zyxel security advisory vom 2024-11-20", url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024", }, ], source_lang: "en-US", title: "Zyxel Firewall: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-20T23:00:00.000+00:00", generator: { date: "2024-11-21T09:04:16.141+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-2031", initial_release_date: "2024-09-02T22:00:00.000+00:00", revision_history: [ { date: "2024-09-02T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-11-20T23:00:00.000+00:00", number: "2", summary: "Zyxel meldet aktive Ausnutzung", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<5.39", product: { name: "Zyxel Firewall <5.39", product_id: "T037231", }, }, { category: "product_version", name: "5.39", product: { name: "Zyxel Firewall 5.39", product_id: "T037231-fixed", product_identification_helper: { cpe: "cpe:/h:zyxel:firewall:5.39", }, }, }, ], category: "product_name", name: "Firewall", }, ], category: "vendor", name: "Zyxel", }, ], }, vulnerabilities: [ { cve: "CVE-2024-42057", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in der Zyxel Firewall. Dieser Fehler besteht unter bestimmten Umständen in der IPSec-VPN-Funktion. Durch Senden eines manipulierten Benutzernamens an das verwundbare Gerät kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um beliebige Befehle auszuführen.", }, ], product_status: { known_affected: [ "T037231", ], }, release_date: "2024-09-02T22:00:00.000+00:00", title: "CVE-2024-42057", }, { cve: "CVE-2024-42058", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in der Zyxel Firewall. Dieser Fehler ist auf eine NULL-Pointer-Dereferenz zurückzuführen. Durch das Senden von manipulierten Paketen kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T037231", ], }, release_date: "2024-09-02T22:00:00.000+00:00", title: "CVE-2024-42058", }, { cve: "CVE-2024-42059", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Zyxel Firewall. Diese Fehler sind auf ein Problem bei der Injection von Befehlen nach der Authentifizierung zurückzuführen. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige OS-Befehle auszuführen.", }, ], product_status: { known_affected: [ "T037231", ], }, release_date: "2024-09-02T22:00:00.000+00:00", title: "CVE-2024-42059", }, { cve: "CVE-2024-42060", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Zyxel Firewall. Diese Fehler sind auf ein Problem bei der Injection von Befehlen nach der Authentifizierung zurückzuführen. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige OS-Befehle auszuführen.", }, ], product_status: { known_affected: [ "T037231", ], }, release_date: "2024-09-02T22:00:00.000+00:00", title: "CVE-2024-42060", }, { cve: "CVE-2024-7203", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in der Zyxel Firewall. Diese Fehler sind auf ein Problem bei der Injection von Befehlen nach der Authentifizierung zurückzuführen. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebige OS-Befehle auszuführen.", }, ], product_status: { known_affected: [ "T037231", ], }, release_date: "2024-09-02T22:00:00.000+00:00", title: "CVE-2024-7203", }, { cve: "CVE-2024-42061", notes: [ { category: "description", text: "In Zyxel Firewall existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in dem CGI-Programm nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T037231", ], }, release_date: "2024-09-02T22:00:00.000+00:00", title: "CVE-2024-42061", }, { cve: "CVE-2024-6343", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in der Zyxel Firewall. Dieser Fehler besteht im CGI-Programm aufgrund eines Buffer Overflows. Durch das Senden einer manipulierten HTTP-Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T037231", ], }, release_date: "2024-09-02T22:00:00.000+00:00", title: "CVE-2024-6343", }, ], }
cve-2024-42057
Vulnerability from cvelistv5
Published
2024-09-03 01:43
Modified
2024-09-03 13:54
Severity ?
EPSS score ?
Summary
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zyxel | ATP series firmware |
Version: versions V4.32 through V5.38 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "atp800_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "4.32", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50ax_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "usg_flex_700h_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "4.5", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "usg_flex_50w_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "4.16", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-42057", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T13:46:54.243981Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T13:54:39.611Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.32 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.50 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX 50(W) series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.16 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG20(W)-VPN series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.16 through V5.38", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.", }, ], value: "A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-03T01:43:28.106Z", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2024-42057", datePublished: "2024-09-03T01:43:28.106Z", dateReserved: "2024-07-29T02:36:19.275Z", dateUpdated: "2024-09-03T13:54:39.611Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7203
Vulnerability from cvelistv5
Published
2024-09-03 01:36
Modified
2024-09-03 13:55
Severity ?
EPSS score ?
Summary
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zyxel | ATP series firmware |
Version: versions V4.60 through V5.38 |
||||||
|
|||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "atp800_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "4.60", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50ax_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "usg_flex_700h_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "4.60", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7203", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T13:47:08.654398Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T13:55:28.588Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.60 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.60 through V5.38", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.", }, ], value: "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-03T01:36:32.110Z", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2024-7203", datePublished: "2024-09-03T01:36:32.110Z", dateReserved: "2024-07-29T02:23:50.535Z", dateUpdated: "2024-09-03T13:55:28.588Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42061
Vulnerability from cvelistv5
Published
2024-09-03 01:59
Modified
2024-09-03 13:48
Severity ?
EPSS score ?
Summary
A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zyxel | ATP series firmware |
Version: versions V4.32 through V5.38 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42061", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T13:48:31.873349Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T13:48:38.734Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.32 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.50 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX 50(W) series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.16 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG20(W)-VPN series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.16 through V5.38", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A reflected cross-site scripting (XSS) vulnerability in the CGI program \"dynamic_script.cgi\" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.", }, ], value: "A reflected cross-site scripting (XSS) vulnerability in the CGI program \"dynamic_script.cgi\" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-03T01:59:36.884Z", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2024-42061", datePublished: "2024-09-03T01:59:36.884Z", dateReserved: "2024-07-29T02:36:19.275Z", dateUpdated: "2024-09-03T13:48:38.734Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42058
Vulnerability from cvelistv5
Published
2024-09-03 01:47
Modified
2024-09-03 13:54
Severity ?
EPSS score ?
Summary
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zyxel | ATP series firmware |
Version: versions V4.32 through V5.38 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "atp800_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "4.32", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50ax_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "usg_flex_700h_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "4.5", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "usg_flex_50w_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "5.20", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-42058", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T13:46:39.521652Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T13:54:13.924Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.32 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.50 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX 50(W) series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V5.20 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG20(W)-VPN series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V5.20 through V5.38", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.", }, ], value: "A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V5.20 through V5.38, and USG20(W)-VPN series firmware versions from V5.20 through V5.38 could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-03T01:47:29.258Z", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2024-42058", datePublished: "2024-09-03T01:47:29.258Z", dateReserved: "2024-07-29T02:36:19.275Z", dateUpdated: "2024-09-03T13:54:13.924Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42059
Vulnerability from cvelistv5
Published
2024-09-03 01:51
Modified
2024-09-03 13:53
Severity ?
EPSS score ?
Summary
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zyxel | ATP series firmware |
Version: versions V5.00 through V5.38 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "usg_flex_50w_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "5.00", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "atp800_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "5.00", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50ax_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "usg_flex_700h_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "5.00", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-42059", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T13:46:05.210137Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T13:53:11.888Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V5.00 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V5.00 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX 50(W) series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V5.00 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG20(W)-VPN series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V5.00 through V5.38", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.", }, ], value: "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions from V5.00 through V5.38, and USG20(W)-VPN series firmware versions from V5.00 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-03T01:51:20.796Z", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2024-42059", datePublished: "2024-09-03T01:51:20.796Z", dateReserved: "2024-07-29T02:36:19.275Z", dateUpdated: "2024-09-03T13:53:11.888Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6343
Vulnerability from cvelistv5
Published
2024-09-03 01:28
Modified
2024-09-03 13:47
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zyxel | ATP series firmware |
Version: versions V4.32 through V5.38 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-6343", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T13:47:22.473001Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T13:47:31.099Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.32 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.50 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX 50(W) series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.16 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG20(W)-VPN series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.16 through V5.38", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.", }, ], value: "A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-03T01:38:00.832Z", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2024-6343", datePublished: "2024-09-03T01:28:27.056Z", dateReserved: "2024-06-26T03:23:36.684Z", dateUpdated: "2024-09-03T13:47:31.099Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42060
Vulnerability from cvelistv5
Published
2024-09-03 01:54
Modified
2024-09-03 13:43
Severity ?
EPSS score ?
Summary
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zyxel | ATP series firmware |
Version: versions V4.32 through V5.38 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "atp800_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "4.32", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50ax_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "usg_flex_700h_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "4.5", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "usg_flex_50w_firmware", vendor: "zyxel", versions: [ { lessThanOrEqual: "5.38", status: "affected", version: "4.16", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-42060", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T13:07:39.814236Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T13:43:44.353Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ATP series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.32 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.50 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG FLEX 50(W) series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.16 through V5.38", }, ], }, { defaultStatus: "unaffected", product: "USG20(W)-VPN series firmware", vendor: "Zyxel", versions: [ { status: "affected", version: "versions V4.16 through V5.38", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device.", }, ], value: "A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-03T01:54:57.221Z", orgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", shortName: "Zyxel", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "96e50032-ad0d-4058-a115-4d2c13821f9f", assignerShortName: "Zyxel", cveId: "CVE-2024-42060", datePublished: "2024-09-03T01:54:57.221Z", dateReserved: "2024-07-29T02:36:19.275Z", dateUpdated: "2024-09-03T13:43:44.353Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.