Zyxel Firewalls security alert!
A serious vulnerability in Zyxel firewalls has been discovered, which in the worst case, can be used to execute local commands with root privileges. Security updates are already available.
The root vulnerability (CVE-2022-30526) has been rated "high" and attackers can issue their commands via the CLI component. By exploiting the second vulnerability (CVe-2022-2030 "medium"), attackers could potentially gain unauthorized access to files on the device.
Zyxel security advisory for local privilege escalation and authenticated directory traversal vulnerabilities of firewalls
Regards @colinardo
The root vulnerability (CVE-2022-30526) has been rated "high" and attackers can issue their commands via the CLI component. By exploiting the second vulnerability (CVe-2022-2030 "medium"), attackers could potentially gain unauthorized access to files on the device.
List of affected devices:
Affected model | Affected version | Patch availability | |
---|---|---|---|
CVE-2022-30526 | CVE-2022-2030 | ||
USG FLEX 100(W), 200, 500, 700 | ZLD V4.50~V5.30 | ZLD V4.50~V5.30 | ZLD V5.31 |
USG FLEX 50(W) / USG20(W)-VPN | ZLD V4.16~V5.30 | ZLD V4.16~V5.30 | ZLD V5.31| |
ATP series | ZLD V4.32~V5.30 | ZLD V4.32~V5.30 | ZLD V5.31 |
VPN series | ZLD V4.30~V5.30 | ZLD V4.30~V5.30 | ZLD V5.31 |
USG/ZyWALL | ZLD V4.09~V4.72 | ZLD V4.11~V4.72 | ZLD V4.72 week28* |
Zyxel security advisory for local privilege escalation and authenticated directory traversal vulnerabilities of firewalls
Regards @colinardo
Bitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 3387621006
Url: https://administrator.de/contentid/3387621006
Ausgedruckt am: 18.12.2024 um 22:12 Uhr