Lucene search

[email protected]NVD:CVE-2023-35136

HistoryNov 28, 2023 - 2:15 a.m.

CVE-2023-35136

2023-11-2802:15:42

CWE-20

[email protected]

web.nvd.nist.gov

quagga

zyxel atp

usg flex

configuration files

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.

Affected configurations

NVD

Node

zyxelzldRange4.32–5.37

AND

zyxelatp100Match-

zyxelatp100wMatch-

zyxelatp200Match-

zyxelatp500Match-

zyxelatp700Match-

zyxelatp800Match-

Node

zyxelzldRange4.50–5.37

AND

zyxelusg_flex_100Match-

zyxelusg_flex_100wMatch-

zyxelusg_flex_200Match-

zyxelusg_flex_50Match-

zyxelusg_flex_500Match-

zyxelusg_flex_50wMatch-

zyxelusg_flex_700Match-

Node

zyxelzldRange4.16–5.37

AND

zyxelusg_20w-vpnMatch-

zyxelvpn50wMatch-

Node

zyxelzldRange4.30–5.37

AND

zyxelvpn100Match-

zyxelvpn1000Match-

zyxelvpn300Match-

zyxelvpn50Match-

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-35136

cve1 cvelist1 prion1 nessus2