Lucene search

[email protected]CVE-2023-34140

HistoryJul 17, 2023 - 6:15 p.m.

CVE-2023-34140

2023-07-1718:15:09

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-34140

buffer overflow

zyxel

atp series

usg flex

usg flex 50(w)

usg20(w)-vpn

vpn

nxc2500

nxc5500

firmware

denial of service

dos

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.

Affected configurations

NVD

Node

zyxelusg_20w-vpn_firmwareRange4.16–5.37

AND

zyxelusg_20w-vpnMatch-

Node

zyxelusg_2200-vpn_firmwareRange4.30–5.37

AND

zyxelusg_2200-vpnMatch-

Node

zyxelusg_flex_100_firmwareRange4.50–5.37

AND

zyxelusg_flex_100Match-

Node

zyxelusg_flex_100w_firmwareRange4.50–5.37

AND

zyxelusg_flex_100wMatch-

Node

zyxelusg_flex_200_firmwareRange4.50–5.37

AND

zyxelusg_flex_200Match-

Node

zyxelusg_flex_50_firmwareRange4.50–5.37

AND

zyxelusg_flex_50Match-

Node

zyxelusg_flex_500_firmwareRange4.50–5.37

AND

zyxelusg_flex_500Match-

Node

zyxelusg_flex_50w_firmwareRange4.50–5.37

AND

zyxelusg_flex_50wMatch-

Node

zyxelusg_flex_700_firmwareRange4.50–5.37

AND

zyxelusg_flex_700Match-

Node

zyxelzywall_atp100_firmwareRange4.32–5.37

AND

zyxelzywall_atp100Match-

Node

zyxelzywall_atp100w_firmwareRange4.32–5.37

AND

zyxelzywall_atp100wMatch-

Node

zyxelzywall_atp200_firmwareRange4.32–5.37

AND

zyxelzywall_atp200Match-

Node

zyxelzywall_atp500_firmwareRange4.32–5.37

AND

zyxelzywall_atp500Match-

Node

zyxelzywall_atp700_firmwareRange4.32–5.37

AND

zyxelzywall_atp700Match-

Node

zyxelzywall_atp800_firmwareRange4.32–5.37

AND

zyxelzywall_atp800Match-

Node

zyxelzywall_vpn100_firmwareRange4.30–5.37

AND

zyxelzywall_vpn100Match-

Node

zyxelzywall_vpn2s_firmwareRange4.30–5.37

AND

zyxelzywall_vpn2sMatch-

Node

zyxelzywall_vpn300_firmwareRange4.30–5.37

AND

zyxelzywall_vpn300Match-

Node

zyxelzywall_vpn50_firmwareRange4.30–5.37

AND

zyxelzywall_vpn50Match-

Node

zyxelzywall_vpn_100_firmwareRange4.30–5.37

AND

zyxelzywall_vpn_100Match-

Node

zyxelzywall_vpn_300_firmwareRange4.30–5.37

AND

zyxelzywall_vpn_300Match-

Node

zyxelzywall_vpn_50_firmwareRange4.30–5.37

AND

zyxelzywall_vpn_50Match-

Node

zyxelnxc2500_firmwareRange6.10\(aaig.0\)–6.10\(aaig.3\)

AND

zyxelnxc2500Match-

Node

zyxelnxc5500_firmwareRange6.10\(aaos.0\)–6.10\(aaos.4\)

AND

zyxelnxc5500Match-

CPENameOperatorVersion
zyxel:usg_20w-vpn_firmwarezyxel usg 20w-vpn firmwarelt5.37

CPE	Name	Operator	Version
zyxel:usg_20w-vpn_firmware	zyxel usg 20w-vpn firmware	lt	5.37

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.32 through 5.36 Patch 2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.36 Patch 2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX 50(W) series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.16 through 5.36 Patch 2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG20(W)-VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.16 through 5.36 Patch 2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.30 through 5.36 Patch 2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NXC2500 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.10(AAIG.0) through 6.10(AAIG.3)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NXC5500 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.10(AAOS.0) through 6.10(AAOS.4)"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for CVE-2023-34140

nvd1 cvelist1 prion1 nessus1