Lucene search

[email protected]CVE-2022-38547

HistoryFeb 07, 2023 - 2:15 a.m.

CVE-2022-38547

2023-02-0702:15:00

CWE-78

[email protected]

web.nvd.nist.gov

cve-2022

38547

zyxel

command injection

vulnerability

cli

firmware

os commands

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.0%

JSON

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.

CPENameOperatorVersion
zyxel:atp100_firmwarezyxel atp100 firmwarele5.32
zyxel:atp200_firmwarezyxel atp200 firmwarele5.32
zyxel:atp700_firmwarezyxel atp700 firmwarele5.32
zyxel:atp500_firmwarezyxel atp500 firmwarele5.32
zyxel:atp100w_firmwarezyxel atp100w firmwarele5.32
zyxel:atp800_firmwarezyxel atp800 firmwarele5.32
zyxel:usg_flex_50_firmwarezyxel usg flex 50 firmwarele5.32
zyxel:usg_flex_200_firmwarezyxel usg flex 200 firmwarele5.32
zyxel:usg_flex_500_firmwarezyxel usg flex 500 firmwarele5.32
zyxel:usg_flex_700_firmwarezyxel usg flex 700 firmwarele5.32

CPE	Name	Operator	Version
zyxel:atp100_firmware	zyxel atp100 firmware	le	5.32
zyxel:atp200_firmware	zyxel atp200 firmware	le	5.32
zyxel:atp700_firmware	zyxel atp700 firmware	le	5.32
zyxel:atp500_firmware	zyxel atp500 firmware	le	5.32
zyxel:atp100w_firmware	zyxel atp100w firmware	le	5.32
zyxel:atp800_firmware	zyxel atp800 firmware	le	5.32
zyxel:usg_flex_50_firmware	zyxel usg flex 50 firmware	le	5.32
zyxel:usg_flex_200_firmware	zyxel usg flex 200 firmware	le	5.32
zyxel:usg_flex_500_firmware	zyxel usg flex 500 firmware	le	5.32
zyxel:usg_flex_700_firmware	zyxel usg flex 700 firmware	le	5.32

Rows per page:

1-10 of 251

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-rce-in-firewalls

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.0%

JSON

Related for CVE-2022-38547

cvelist1 prion1