Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution.
Both flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system.
A brief description of the two issues is below –
- CVE-2023-33009 – A buffer overflow vulnerability in the notification function that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.
- CVE-2023-33010 – A buffer overflow vulnerability in the ID processing function that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.
The following devices are impacted –
- ATP (versions ZLD V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- USG FLEX (versions ZLD V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- USG FLEX50(W) / USG20(W)-VPN (versions ZLD V4.25 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- VPN (versions ZLD V4.30 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2), and
- ZyWALL/USG (versions ZLD V4.25 to V4.73 Patch 1, patched in ZLD V4.73 Patch 2)
Security researchers from TRAPA Security and STAR Labs SG have been credited with discovering and reporting the flaws.
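Because the affected ranges above are expressed in Zyxel's "ZLD Vx.yy Patch n" notation, a plain string comparison gets the patch level wrong. The following is an added example (not code from the article or from Zyxel) of a small inventory triage helper that parses that notation and flags devices still inside the affected range; the product keys, the version-string grammar, and the sample inventory are assumptions constructed for illustration.

```python
import re

# Affected ZLD firmware ranges (inclusive) as listed in the advisory,
# keyed by product family: (first affected, last affected, fixed version).
AFFECTED = {
    "ATP":           ("V4.32", "V5.36 Patch 1", "V5.36 Patch 2"),
    "USG FLEX":      ("V4.50", "V5.36 Patch 1", "V5.36 Patch 2"),
    "USG FLEX50(W)": ("V4.25", "V5.36 Patch 1", "V5.36 Patch 2"),
    "USG20(W)-VPN":  ("V4.25", "V5.36 Patch 1", "V5.36 Patch 2"),
    "VPN":           ("V4.30", "V5.36 Patch 1", "V5.36 Patch 2"),
    "ZyWALL/USG":    ("V4.25", "V4.73 Patch 1", "V4.73 Patch 2"),
}

# Assumed grammar: optional "ZLD" prefix, "V<major>.<minor>", optional "Patch <n>".
_VER_RE = re.compile(r"^V?(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?$", re.IGNORECASE)


def parse_zld(version: str) -> tuple:
    """Turn 'ZLD V5.36 Patch 1' into a comparable (major, minor, patch) tuple.

    A release with no patch level ("V5.36") sorts below "V5.36 Patch 1",
    so an unpatched 5.36 is correctly treated as inside the affected range.
    """
    v = version.strip()
    if v.upper().startswith("ZLD"):
        v = v[3:].strip()
    m = _VER_RE.match(v)
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(product: str, version: str) -> bool:
    """True when the firmware falls inside the advisory's affected range."""
    lo, hi, _fix = AFFECTED[product]
    return parse_zld(lo) <= parse_zld(version) <= parse_zld(hi)


def triage(inventory):
    """Return (host, product, version, fix) for every device still needing the patch."""
    return [(host, prod, ver, AFFECTED[prod][2])
            for host, prod, ver in inventory if is_vulnerable(prod, ver)]


# Constructed sample inventory (hypothetical hosts, not real devices).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "USG FLEX", "ZLD V5.36 Patch 1"),   # last affected build
    ("fw-edge-02", "USG FLEX", "ZLD V5.36 Patch 2"),   # already fixed
    ("fw-branch-07", "ZyWALL/USG", "V4.60"),           # inside 4.25..4.73 P1
    ("fw-lab-03", "ATP", "V4.31"),                     # below first affected
]
```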
The advisory comes less than a month after Zyxel shipped fixes for another critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems.
The issue, tracked as CVE-2023-28771 (CVSS score: 9.8), was also credited to TRAPA Security, with the networking equipment maker blaming it on improper error message handling. It has since come under active exploitation by threat actors associated with the Mirai botnet.