Lucene search

[email protected]CVE-2023-22914

HistoryApr 24, 2023 - 5:15 p.m.

CVE-2023-22914

2023-04-2417:15:09

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-22914

zyxel usg flex

zyxel vpn

firmware vulnerability

path traversal vulnerability

os command execution

authenticated attacker

administrator privileges

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.0%

JSON

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.

Affected configurations

NVD

Node

zyxelusg_flex_100_firmwareRange4.50–5.35

AND

zyxelusg_flex_100Match-

Node

zyxelusg_flex_100w_firmwareRange4.50–5.35

AND

zyxelusg_flex_100wMatch-

Node

zyxelusg_flex_200_firmwareRange4.50–5.35

AND

zyxelusg_flex_200Match-

Node

zyxelusg_flex_50_firmwareRange4.50–5.35

AND

zyxelusg_flex_50Match-

Node

zyxelusg_flex_50w_firmwareRange4.50–5.35

AND

zyxelusg_flex_50wMatch-

Node

zyxelusg_flex_500_firmwareRange4.50–5.35

AND

zyxelusg_flex_500Match-

Node

zyxelusg_flex_700_firmwareRange4.50–5.35

AND

zyxelusg_flex_700Match-

Node

zyxelvpn100_firmwareRange4.50–5.35

AND

zyxelvpn100Match-

Node

zyxelvpn1000_firmwareRange4.50–5.35

AND

zyxelvpn1000Match-

Node

zyxelvpn300_firmwareRange4.50–5.35

AND

zyxelvpn300Match-

Node

zyxelvpn50_firmwareRange4.50–5.35

AND

zyxelvpn50Match-

CPENameOperatorVersion
zyxel:usg_flex_100_firmwarezyxel usg flex 100 firmwarele5.35

CPE	Name	Operator	Version
zyxel:usg_flex_100_firmware	zyxel usg flex 100 firmware	le	5.35

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "USG FLEX series firmware",
    "versions": [
      {
        "version": "4.50 through 5.35",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "VPN series firmware",
    "versions": [
      {
        "version": "4.30 through 5.35",
        "status": "affected"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.0%

JSON

Related for CVE-2023-22914

prion1 cvelist1 nvd1