Lucene search

ZyxelVULNRICHMENT:CVE-2024-42057

HistorySep 03, 2024 - 1:43 a.m.

CVE-2024-42057

2024-09-0301:43:28

CWE-78

Zyxel

github.com

command injection

zyxel

ipsec vpn

vulnerability

os commands

unauthenticated attacker

user-based-psk authentication

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "zyxel",
    "product": "atp800_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "4.32",
        "versionType": "custom",
        "lessThanOrEqual": "5.38"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_50ax_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "zyxel",
    "product": "usg_flex_700h_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "4.5",
        "versionType": "custom",
        "lessThanOrEqual": "5.38"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*",
      "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "zyxel",
    "product": "usg_flex_50w_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "4.16",
        "versionType": "custom",
        "lessThanOrEqual": "5.38"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-42057