Lucene search

[email protected]CVE-2023-27991

HistoryApr 24, 2023 - 6:15 p.m.

CVE-2023-27991

2023-04-2418:15:09

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-27991

zyxel atp

usg flex

usg20(w)-vpn

firmware vulnerability

command injection

cli

nvd

cybersecurity

os command execution

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.

Affected configurations

NVD

Node

zyxelatp200_firmwareRange4.32–5.36

AND

zyxelatp200Match-

Node

zyxelatp100_firmwareRange4.32–5.36

AND

zyxelatp100Match-

Node

zyxelatp700_firmwareRange4.32–5.36

AND

zyxelatp700Match-

Node

zyxelatp500_firmwareRange4.32–5.36

AND

zyxelatp500Match-

Node

zyxelatp100w_firmwareRange4.32–5.36

AND

zyxelatp100wMatch-

Node

zyxelatp800_firmwareRange4.32–5.36

AND

zyxelatp800Match-

Node

zyxelusg_flex_100_firmwareRange4.50–5.36

AND

zyxelusg_flex_100Match-

Node

zyxelusg_flex_50_firmwareRange4.50–5.36

AND

zyxelusg_flex_50Match-

Node

zyxelusg_flex_200_firmwareRange4.50–5.36

AND

zyxelusg_flex_200Match-

Node

zyxelusg_flex_500_firmwareRange4.50–5.36

AND

zyxelusg_flex_500Match-

Node

zyxelusg_flex_700_firmwareRange4.50–5.36

AND

zyxelusg_flex_700Match-

Node

zyxelusg_flex_100w_firmwareRange4.50–5.36

AND

zyxelusg_flex_100wMatch-

Node

zyxelusg_20w-vpn_firmwareRange4.16–5.36

AND

zyxelusg_20w-vpnMatch-

Node

zyxelusg_flex_50w_firmwareRange4.16–5.36

AND

zyxelusg_flex_50wMatch-

Node

zyxelusg20-vpn_firmwareRange4.30–5.36

AND

zyxelusg20-vpnMatch-

Node

zyxelvpn100_firmwareRange4.30–5.36

AND

zyxelvpn100Match-

Node

zyxelvpn1000_firmwareRange4.30–5.36

AND

zyxelvpn1000Match-

Node

zyxelvpn300_firmwareRange4.30–5.36

AND

zyxelvpn300Match-

Node

zyxelvpn50_firmwareRange4.30–5.36

AND

zyxelvpn50Match-

CPENameOperatorVersion
zyxel:atp200_firmwarezyxel atp200 firmwarelt5.36

CPE	Name	Operator	Version
zyxel:atp200_firmware	zyxel atp200 firmware	lt	5.36

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "ATP series firmware",
    "versions": [
      {
        "version": "4.32 through 5.35",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "USG FLEX series firmware",
    "versions": [
      {
        "version": "4.50 through 5.35",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "USG FLEX 50(W) firmware",
    "versions": [
      {
        "version": "4.16 through 5.35",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "USG20(W)-VPN firmware",
    "versions": [
      {
        "version": "4.16 through 5.35",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "VPN series firmware",
    "versions": [
      {
        "version": "4.30 through 5.35",
        "status": "affected"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

Related for CVE-2023-27991

cvelist1 prion1 nvd1 thn1