Lucene search

[email protected]CVE-2023-35139

HistoryNov 28, 2023 - 2:15 a.m.

CVE-2023-35139

2023-11-2802:15:42

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-35139

cross-site scripting

xss

zyxel atp

usg flex

firmware

vulnerability

cookie theft

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series firmware versions 5.10 through 5.37, and VPN series firmware versions 5.00 through 5.37, could allow an unauthenticated LAN-based attacker to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed to steal cookies when the user visits the specific CGI used for dumping ZTP logs.

Affected configurations

NVD

Node

zyxelzldRange5.10–5.37

AND

zyxelatp100Match-

zyxelatp100wMatch-

zyxelatp200Match-

zyxelatp500Match-

zyxelatp700Match-

zyxelatp800Match-

Node

zyxelzldRange5.00–5.37

AND

zyxelusg_flex_100Match-

zyxelusg_flex_100wMatch-

zyxelusg_flex_200Match-

zyxelusg_flex_50Match-

zyxelusg_flex_500Match-

zyxelusg_flex_50wMatch-

zyxelusg_flex_700Match-

Node

zyxelzldRange5.10–5.37

AND

zyxelusg_20w-vpnMatch-

zyxelvpn50wMatch-

Node

zyxelzldRange5.00–5.37

AND

zyxelvpn100Match-

zyxelvpn1000Match-

zyxelvpn300Match-

zyxelvpn50Match-

CPENameOperatorVersion
zyxel:zldzyxel zldle5.37

CPE	Name	Operator	Version
zyxel:zld	zyxel zld	le	5.37

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 5.10 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": " versions 5.00 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": " USG FLEX 50(W) series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 5.10 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG20(W)-VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": " versions 5.10 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 5.00 through 5.37"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-35139

prion1 cvelist1 nvd1