Lucene search

[email protected]CVE-2023-22913

HistoryApr 24, 2023 - 5:15 p.m.

CVE-2023-22913

2023-04-2417:15:09

CWE-77

[email protected]

web.nvd.nist.gov

cve

2023

22913

zyxel

usg flex

vpn

firmware

command injection

vulnerability

dos

nvd

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device.

Affected configurations

NVD

Node

zyxelusg_flex_100Match-

AND

zyxelusg_flex_100_firmwareRange4.50–5.35

Node

zyxelusg_flex_100wMatch-

AND

zyxelusg_flex_100w_firmwareRange4.50–5.35

Node

zyxelusg_flex_200Match-

AND

zyxelusg_flex_200_firmwareRange4.50–5.35

Node

zyxelusg_flex_50Match-

AND

zyxelusg_flex_50_firmwareRange4.50–5.35

Node

zyxelusg_flex_50wMatch-

AND

zyxelusg_flex_50w_firmwareRange4.50–5.35

Node

zyxelusg_flex_500Match-

AND

zyxelusg_flex_500_firmwareRange4.50–5.35

Node

zyxelusg_flex_700Match-

AND

zyxelusg_flex_700_firmwareRange4.50–5.35

Node

zyxelvpn100Match-

AND

zyxelvpn100_firmwareRange4.50–5.35

Node

zyxelvpn1000Match-

AND

zyxelvpn1000_firmwareRange4.50–5.35

Node

zyxelvpn300Match-

AND

zyxelvpn300_firmwareRange4.50–5.35

Node

zyxelvpn50Match-

AND

zyxelvpn50_firmwareRange4.50–5.35

CPENameOperatorVersion
zyxel:usg_flex_100_firmwarezyxel usg flex 100 firmwarele5.35

CPE	Name	Operator	Version
zyxel:usg_flex_100_firmware	zyxel usg flex 100 firmware	le	5.35

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "USG FLEX series firmware",
    "versions": [
      {
        "version": "4.50 through 5.35",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "VPN series firmware",
    "versions": [
      {
        "version": "4.30 through 5.35",
        "status": "affected"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

Related for CVE-2023-22913

cvelist1 nvd1 prion1 thn1