CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low (Percentile: 59.7%)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different firewall models that could enable an unauthenticated attacker to execute arbitrary code by sending a specially crafted packet to the device.
Zyxel addressed the security defect as part of updates released on April 25, 2023. The list of impacted devices is below -
The Shadowserver Foundation, in a recent tweet, said the flaw is "being actively exploited to build a Mirai-like botnet" since May 26, 2023. Cybersecurity firm Rapid7 has also warned of "widespread" in-the-wild abuse of CVE-2023-28771.
In light of this development, it's imperative that users move quickly to apply the patches to mitigate potential risks. Federal agencies in the U.S. are mandated to update their devices by June 21, 2023.
The disclosure also comes as Palo Alto Networks Unit 42 detailed a new wave of attacks mounted by an active Mirai botnet variant dubbed IZ1H9 since early April 2023.
The intrusions have been found to leverage multiple remote code execution flaws in internet-exposed IoT devices, including Zyxel, to ensnare them into a network for orchestrating distributed denial-of-service (DDoS) attacks.
It's worth noting that Mirai has spawned a number of clones ever since its source code was leaked in October 2016. The botnet, named after the 2011 TV anime series Mirai Nikki, was the handiwork of Paras Jha, Josiah White, and Dalton Norman.
"IoT devices have always been a lucrative target for threat actors, and remote code execution attacks continue to be the most common and most concerning threats affecting IoT devices and linux servers," Unit 42 said.
"The vulnerabilities used by this threat are less complex, but this does not decrease their impact, since they could still lead to remote code execution."