Lucene search

[email protected]CVE-2023-37926

HistoryNov 28, 2023 - 2:15 a.m.

CVE-2023-37926

2023-11-2802:15:42

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-37926

buffer overflow

zyxel

atp

usg flex

usg20(w)-vpn

firmware

dos

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to cause denial-of-service (DoS) conditions by executing the CLI command to dump system logs on an affected device.

Affected configurations

NVD

Node

zyxelzldRange4.32–5.37

AND

zyxelatp100Match-

zyxelatp100wMatch-

zyxelatp200Match-

zyxelatp500Match-

zyxelatp700Match-

zyxelatp800Match-

Node

zyxelzldRange4.50–5.37

AND

zyxelusg_flex_100Match-

zyxelusg_flex_100wMatch-

zyxelusg_flex_200Match-

zyxelusg_flex_50Match-

zyxelusg_flex_500Match-

zyxelusg_flex_50wMatch-

zyxelusg_flex_700Match-

Node

zyxelzldRange4.16–5.37

AND

zyxelusg_20w-vpnMatch-

zyxelvpn50wMatch-

Node

zyxelzldRange4.30–5.37

AND

zyxelvpn100Match-

zyxelvpn1000Match-

zyxelvpn300Match-

zyxelvpn50Match-

CPENameOperatorVersion
zyxel:zldzyxel zldle5.37

CPE	Name	Operator	Version
zyxel:zld	zyxel zld	le	5.37

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.32 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.50 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX 50(W) series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.16 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG20(W)-VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.16 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.30 through 5.37"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2023-37926

prion1 nvd1 cvelist1 nessus1