History: Nov 28, 2023 - 2:00 a.m.

CVE-2023-5797

2023-11-28 02:00:59
CWE-269
Zyxel
www.cve.org
zyxel atp
usg flex
privilege management
vulnerability
firmware versions
authenticated attacker
administrator logs

CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": " versions 4.32 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.50 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX 50(W) series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.16 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG20(W)-VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.16 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "versions 4.30 through 5.37"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NWA50AX firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.29(ABYW.2)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WAC500 firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.65(ABVS.1)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WAX300H firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.60(ACHF.1)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "WBE660S firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "6.65(ACGG.1)"
      }
    ]
  }
]
