Lucene search

[email protected]NVD:CVE-2023-5960

HistoryNov 28, 2023 - 3:15 a.m.

CVE-2023-5960

2023-11-2803:15:07

CWE-269

[email protected]

web.nvd.nist.gov

vulnerability

privilege management

zyxel usg flex

vpn

firmware

local attacker

system files access

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.

Affected configurations

NVD

Node

zyxelzldRange4.50–5.37

AND

zyxelusg_flex_100Match-

zyxelusg_flex_100wMatch-

zyxelusg_flex_200Match-

zyxelusg_flex_50Match-

zyxelusg_flex_500Match-

zyxelusg_flex_50wMatch-

zyxelusg_flex_700Match-

Node

zyxelzldRange4.30–5.37

AND

zyxelvpn100Match-

zyxelvpn1000Match-

zyxelvpn300Match-

zyxelvpn50Match-

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-5960

cve1 cvelist1 prion1 nessus1