PT-2023-04: Unauth Command Injection in Zyxel products

Vendor: Zyxel

Vulnerable product: ATP, USG FLEX, USG FLEX 50(W)/ USG20(W)-VPN, VPN

Vulnerable version: ATP - ZLD V5.10~V5.35; USG FLEX - ZLD V5.00~V5.35; USG FLEX 50(W)/ USG20(W)-VPN - ZLD V5.10~V5.35; VPN - ZLD V5.00~V5.35

Vulnerability type:

• CWE-20: Improper Input Validation

Identifier (ID):

• CVE-2023-22916

Vulnerability vector:

• Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

• Severity (CVSSv3.1): 8.1(high)

• Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

• Severity (CVSSv4.0): 7.2(high)

Description:

An issue was identified in Zyxel products affecting: ATP (ZLD V5.10~V5.35); USG FLEX (ZLD V5.00~V5.35); USG FLEX 50(W)/ USG20(W)-VPN (ZLD V5.10~V5.35); VPN (ZLD V5.00~V5.35).
The discovered vulnerability can be exploited by an unauthenticated attacker to modify device configuration data, causing a denial of service (DoS) condition. Exploitation of the vulnerability is possible if an authorized administrator switches management mode to cloud mode.

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 25.04.2023

Recommendations:

• Update to version ZLD V5.36 or higher

Additional information:

• Security advisory

Researcher: Nikita Abramov (Positive Technologies)