PT-2023-06: Unauth Information Exposure leads to Priviledge Escalation in Zyxel products

PT-2023-06: Unauth Information Exposure leads to Priviledge Escalation in Zyxel products

Vendor: Zyxel

Vulnerable product: ATP, USG FLEX, USG FLEX 50(W)/ USG20(W)-VPN, VPN

Vulnerable version: ATP - ZLD V4.32~V5.35; USG FLEX - ZLD V4.50~V5.35; USG FLEX 50(W)/ USG20(W)-VPN - ZLD V4.16~V5.35; VPN - ZLD V4.30~V5.35

Vulnerability type:

• CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

Identifier (ID):

• CVE-2023-22918

Vulnerability vector:

• Base vulnerability score (CVSSv3.1): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

• Severity (CVSSv3.1): 6.5(medium)

• Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

• Severity (CVSSv4.0): 6.3(medium)

Description:

An issue was identified in Zyxel products affecting: ATP (ZLD V4.32~V5.35); USG FLEX (ZLD V4.50~V5.35); USG FLEX 50(W)/ USG20(W)-VPN (ZLD V4.16~V5.35); VPN (ZLD V4.30~V5.35).
The discovered vulnerability can be exploited by an authenticated attacker to escalate privileges by obtaining encrypted administrator information on the affected device.

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 25.04.2023

Recommendations:

• Update to version ZLD V5.36 or higher

Additional information:

• Security advisory

Researcher: Nikita Abramov (Positive Technologies)