Lucene search

[email protected]CVE-2022-0342

HistoryMar 28, 2022 - 1:15 p.m.

CVE-2022-0342

2022-03-2813:15:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2022-0342

zyxel

authentication bypass

vulnerability

firmware

cgi program

usg

zywall

atp

vpn

nsg

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.08 Low

EPSS

Percentile

94.2%

JSON

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.

CPENameOperatorVersion
zyxel:usg40_firmwarezyxel usg40 firmwarelt4.71
zyxel:usg40w_firmwarezyxel usg40w firmwarelt4.71
zyxel:usg60_firmwarezyxel usg60 firmwarelt4.71
zyxel:usg60w_firmwarezyxel usg60w firmwarelt4.71
zyxel:zywall_110_firmwarezyxel zywall 110 firmwarelt4.71
zyxel:zywall_310_firmwarezyxel zywall 310 firmwarelt4.71
zyxel:zywall_1100_firmwarezyxel zywall 1100 firmwarelt4.71
zyxel:usg_flex_100_firmwarezyxel usg flex 100 firmwarele5.20
zyxel:usg_flex_200_firmwarezyxel usg flex 200 firmwarele5.20
zyxel:usg_flex_500_firmwarezyxel usg flex 500 firmwarele5.20

CPE	Name	Operator	Version
zyxel:usg40_firmware	zyxel usg40 firmware	lt	4.71
zyxel:usg40w_firmware	zyxel usg40w firmware	lt	4.71
zyxel:usg60_firmware	zyxel usg60 firmware	lt	4.71
zyxel:usg60w_firmware	zyxel usg60w firmware	lt	4.71
zyxel:zywall_110_firmware	zyxel zywall 110 firmware	lt	4.71
zyxel:zywall_310_firmware	zyxel zywall 310 firmware	lt	4.71
zyxel:zywall_1100_firmware	zyxel zywall 1100 firmware	lt	4.71
zyxel:usg_flex_100_firmware	zyxel usg flex 100 firmware	le	5.20
zyxel:usg_flex_200_firmware	zyxel usg flex 200 firmware	le	5.20
zyxel:usg_flex_500_firmware	zyxel usg flex 500 firmware	le	5.20

Rows per page:

1-10 of 231

References

www.zyxel.com/support/Zyxel-security-advisory-for-authentication-bypass-vulnerability-of-firewalls.shtml

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.08 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2022-0342

nuclei1 malwarebytes1 prion1 hivepro2 thn1